This year’s Def Con conference, held in Las Vegas from July 27 to July 30, was different from those in the past. For those of you unfamiliar with Def Con, it is the world’s largest and longest-running (25 years) underground hacking conference.
The difference, that should not be ignored by investors like you, is that this time many of the largest medical device manufacturers in the world were there too, as was the Food and Drug Administration. Among the medical device makers present were Johnson & Johnson (NYSE: JNJ) and Philips NV (NYSE: PHG).
The reason is rather straightforward. . .the growing and very real danger of medical devices, used by everyday people like you, being hacked by unscrupulous parties. Whether for financial gain or for purposes of instilling terror, people’s lives are increasingly at risk.
According to the 2016 IBM X-Force Cyber Security Intelligence Index, the most cyber-attacked industry is healthcare. Quite a change from a few years ago when it wasn’t in the top 10. Cybersecurity Ventures adds that attacks on the healthcare sector were up 35% over the past year.
Of course, many of these hacks were just to gain patients’ information. More than 100 million patients records were breached last year, according to IBM. Others were to demand ransom from hospitals in exchange for unlocking their computer systems.
But then there are the more worrisome hacks. . . . .
Three events over the past two years highlighted the vulnerabilities of modern medical devices to hacking. These included a flaw in J&J’s insulin pump involving 100,000 patients that could allow hackers access, the vulnerability of pacemakers from St. Jude Medical [now part of Abbott Laboratories (NYSE: ABT)], and the possibility of the hacking of Hospira Symbiq [now owned by Pfizer (NYSE: PFE)] infusion pumps.
These incidents only highlight the fact that modern medical devices are both a blessing and a curse.
Medical devices with features like wireless connectivity, remote monitoring and near-field communication technology allow doctors to adjust and fine tune implanted life-abetting devices without invasive procedures. But these same features expose the devices to unscrupulous people that could care less about a patient’s health.
It’s not hard for hackers to find out about these medical devices. A simple search on the search engine for internet-connected devices, Shodan, will bring up more than 36,000 healthcare-related devices.
Here’s something else to think about – U.S. hospitals average 10 to 15 connected devices per bed. And a large hospital system may have 5,000 beds. That’s a lot points of vulnerability for hackers to exploit.
What was even more scary to me, and what should grab your attention too, was that the recent WannaCry ransomware attack actually infected radiology equipment made by Bayer AG (OTC: BAYRY). The company received two reports of U.S. customers with infected devices. Healthcare wasn’t even the target and yet some devices were affected.
Healthcare Hack Investing
The good news is that both the medical devices companies and the FDA are becoming proactive in safeguarding our health from hackers. But it will continue to be an ‘arms race’ between the safeguards built in or added to medical devices and the growing sophistication of the hackers.
As I’ve stated before, the need and demand for cybersecurity in all facets of our connected society will only grow in the months and years ahead. So despite Wall Street pretty much ignoring the problem, you should not.
That translates to you having a small portion of your portfolio devoted to cybersecurity. The best way to get broad, global exposure is through the two exchange traded funds (ETFs).
These are the First Trust Nasdaq Cybersecurity ETF (Nasdaq: CIBR) and the ETFMG Prime Cyber Security ETF (NYSE: HACK). Both portfolios have broad similarities, although I lean towards HACK because it has somewhat more global exposure.
One point about HACK – ETF Managers Group has given PureFunds the boot. The PureFunds ISE Cyber Security ETF is now called the ETFMG Prime Cyber Security ETF, although the symbol stays the same. The ISE Cybersecurity Index is out and the Prime Cyber Defense Index is in. But for you and me, the indexes are almost identical, so there it doesn’t really affect any investment decision.
As I mentioned earlier, Wall Street is ignoring the cyber security problem, so both ETFs have been relative laggards to other technology sectors. CIBR is up 9.5% year-to-date and 17.75% over the past year. The numbers for HACK are 11.25% and 14.66% respectively.
One stock in the sector that is doing well though is cybersecurity firm Symantec (Nasdaq: SYMC), whose stock has gained 31.25% year-to-date and over 50% the past year.
The company recently announced outstanding quarterly earnings. Revenues year-on-year soared 39.8% from $880 million to $1.23 billion, while earnings grew by nearly 25% from $177 million a year ago to $221 million in the latest quarter. Management also raised forward guidance a bit.
In this age of the Internet of Things and hackers, all three will be very good long-term investments.