Hacking Internet-Connected Medical Implant Devices
For some time, security experts have warned about the potential for cybercrime involving internet-connected medical implants. These devices, which include things like pacemakers, insulin pumps, and glucometers, send feedback to the patient’s doctor through Wi-Fi and radio signals, providing a more comprehensive level of care. Unfortunately, as with all Internet of Things devices, the potential for hacking and “cybereavesdropping” is always there.
That theory became a reality this month when security researchers discovered a flaw in ten different medical implants. These devices were all made by the same company and were built to function in such a way that the care team can send messages and instructions to the patient’s device. The flaw essentially created a hole in the code that let the researchers in; this allowed them to “take over” the devices, in some cases even shutting them off entirely.
Teams from the University of Leuven in Belgium and the University of Birmingham (UK) reported the flaw to the devices’ manufacturer, and the company created a patch to close up the security hole. Patients with vulnerable devices have been updated in order to install the patch and protect themselves from the possibility of having their medical implants hacked.
There are a few ways in which this news might be alarming to both patients and medical providers. The first possibility, having someone hack your pacemaker and stop your heart, is obviously terrifying, but it is rather far-fetched. What is a whole lot more likely, though, is that hackers would issue a ransomware threat to the manufacturer: pay up, or we start attacking your patients’ devices. The fines for privacy violations alone would be overwhelming, but the resulting lawsuits would be even worse. This is why ransomware attacks against medical facilities have increased in recent years.
While the patients themselves had no control over the security flaw and therefore couldn’t have prevented it, the takeaway for individuals is the ever-present need to update all of your devices. The manufacturer has already updated its devices for the patients, but this is an everyday problem for anyone who owns a smartphone, tablet, laptop, web browser, anti-virus software… the list goes on. When a developer issues an update or patch, it’s important to install it before continuing to use your tech.
As always, anyone who believes their identity has been stolen or their personal data has been compromised is invited to connect with the ITRC through our toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.