Medjacking; the cyber-attacks that can be life-threatening

When we think of hacking we immediately think of passwords and emails being stolen or credit card information being compromised. However, this is far from the only thing hackers can obtain. Technological advances in the medical industry means there are now wireless medical devices in use that are much more efficient and effective than their traditional counterparts. The flip side of this is they offer a means for hackers to take control of the device.

Wireless medical devices, such as the wireless pacemaker which was approved by the FDA last year, have revolutionized the treatment of arrhythmias. The new pacemaker is the size of a pill and has no wires that connect to the heart. This significantly helps with reducing device-related infections. These devices are inserted through the groin and directly into the heart through the femoral vein which avoids surgery and doesn’t leave a nasty chest scar.

Other devices such as insulin pump systems have also been revolutionized through technology. The blood glucose monitor wirelessly transmits data to the insulin pump, then it automatically administers the appropriate level of insulin. However, the data sent from the monitor is not encrypted, allowing hackers to intercept the data from the monitor and send a false command to the pump, theoretically enabling a lethal dose to be administered.

Jay Radcliffe, a security researcher who tests medical devices recently said; “I’d rather stab myself six times a day with a needle and syringe” than use a wireless automated insulin pump.

Currently, there have been no incidents of a cybercriminal hacking a wireless medical device with the objective of harming someone, but it is still a risk we should take seriously.

To take a step in the right direction, the FDA issued guidance on what security features should be included for developers seeking approval of medical devices. Developers say the more secure they make the devices, the more difficult for doctors to get access in the event of an emergency. This is still a topic the FDA is trying to balance in order to find a solution to better protect patients. One temporary fix is to keep device software updated to ensure it has the highest level of security available.

This is an issue that unfortunately will not see much action until a serious attack occurs. Until then, however, it is important to raise awareness of the potential risks. Fortunately, experts say there are very few people out there who intend to hack medical devices and cause physical harm. For the moment, the bigger concern is devices being targeted to get a hold of medical records and information to extort the victims. Either way, knowing when a medical device has been compromised is much more difficult than figuring out if your credit card has been, and can lead to much more catastrophic consequences.

As with all new technology advances, it is critical that security is kept front-of-mind during the development lifecycle because if it can be hacked, it is only a matter of time until it eventually is.

Tags: No tags

Comments are closed.