Medical Device Hacking Blog Post Week 7

So I came across an article a while ago discussing something that I never even thought could happen in my wildest dreams. Medical devices being hacked. In this particular case it was heart devices that were being hacked. “St. Jude’s devices treat dangerous irregular heart rhythms that can cause cardiac failure or arrest. Implanted under the skin of the chest, the devices electronically pace heartbeats and shock the heart back to its normal rhythm when dangerous pumping patterns are detected.” (Abdollah, T. & Perrone, M., 2017).  With technology becoming more advanced and creeping into the health system there are more vulnerabilities than ever. In this case live medical information about a patient that a hacker can actively hack. They could turn off the device, shock a patient when not needed, and drain the battery life. All of which can have deadly impacts. In this case there was no evidence of this happening. St. Jude’s provided the patches to the system to keep this from happening.

However, this is not the only case. According to James Niccolai (2015), “Thousands of medical devices, including MRI scanners, x-ray machines and drug infusion pumps, are vulnerable to hacking, creating significant health risks for patients”. This was also shown when Jay Radcliffe, a diabetic and security expert, was able to hack his own insulin pump. (Leitner, T. & Capitanini, L., 2014). According to Darlene Storm (2015), a deception-based company, TrapX, found compromises to X-ray equipment, photo archives, communications systems, and blood gas analyzers. This personally worries me. As someone could hack a system and change my medicine dosage without my notice. I would hope the pharmacist would catch something like that. However, think about how many times you have been to the hospital to get an X-ray or any medical procedure where the device itself is connected directly to the network.

The worst part of this example is we as patients can do nothing about it. Even if you prevent the doctor sharing your information electronically, the equipment itself is still a source to be hacked. Hopefully, medical device manufacturers pay more attention to the security of their products as they become more and more advanced.

References:

Abdollah, T. & Perrone, M. (2017, January 10). US warns of unusual cybersecurity flaw in heart devices. Retrieved from: http://bigstory.ap.org/article/dc914628d99140a391b8050e571aae05/us-warns-unusual-cybersecurity-flaw-heart-devices

Leitner, T. & Capitanini, L. (2014). Medical Devices Vulnerable to Hack Attacks. Retrieved from: http://www.nbcchicago.com/investigations/Medical-Devices-Vulnerable-to-Hack-Attacks-277538441.html

Niccolai, J. (2015). Thousands of medical devices are vulnerable to hacking, security researchers say. PCWorld. Retrieved from: http://www.pcworld.com/article/2987813/thousands-of-medical-devices-are-vulnerable-to-hacking-security-researchers-say.html

Storm, D. (2015). MEDJACK: Hackers hijacking medical devices to create backdoors in hospital networks. Retrieved from ComputerWorld: http://www.computerworld.com/article/2932371/cybercrime-hacking/medjack-hackers-hijacking-medical-devices-to-create-backdoors-in-hospital-networks.html