“Medjacked”: Could Hackers Take Control of Pacemakers and Defibrillators—or Their Data?
by: The Knowledge Group
Are high-tech medical devices vulnerable to hacks? Hackers have targeted them for years, according to a new article in the Journal of the American College of Cardiology. But Dr. Dhanunjaya Lakkireddy, senior author of the paper, says hackers have harmed no one so far.
Manufacturers of implanted cardiac devices know of vulnerabilities in remote monitoring, the possibility of interception, and the potential for related malfunctions wherever devices run on software updates or wireless transmittals. And Former VP Dick Cheney once acknowledged disconnecting the wireless element of his heart defibrillator to avert “medjacking.”
But consumers benefit from remote-access technology, and even avoid surgical procedures because of it.
Proof of Vulnerabilities
in 2008, academic researchers took over a pacemaker and extracted data. Pacemaker hacking demonstrations show life-threatening electric shocks as among the possibilities. At least as frightening is a computer virus that could jump between pacemakers or implanted defibrillators. Several years ago, panelists at a National Institute of Standards and Technology meeting warned of malware that could infect hospital technology.
U.S. hospitals may keep medical equipment running on old versions of Windows with glitches and weak spots that newer versions have since fixed, because medical personnel cannot make changes that aren’t approved by the Food and Drug Administration (FDA). Cybersecurity experts note that FDA approval for equipment and technology follows safety tests. As for potential vulnerabilities to cyberattacks, medical devices do not receive the scrutiny of FDA testing.
Will the FDA Begin Cybersecurity Protocols?
At the moment, the FDA stance on protecting the public from device hacking is focused on mitigating risk.
The agency’s most recent “Cybersecurity of Medical Devices” workshop took place in May 2017, in collaboration with the National Science Foundation and the Department of Homeland Security’s Science and Technology division (DHS S&T). The workshop’s subtitle: “A Regulatory Science Gap Analysis.”
What if the current threat management approach proves insufficient in shielding consumer data? How will the integrity of medical records stay be protected? Will breaches lead to incorrect, unnecessary, even dangerous treatments?
For now, watchful waiting is prescribed.
Stay updated with the latest cyber-security developments, whilst earning continuing education credits with our extensive library of live and recorded webcasts. Be sure to check out our most recent events by clicking here.