Experts are raising alarms about the risk of cyberattacks on medical devices.
Cyberattacks in health care are a rising problem, but thus far there is no evidence that cyber bandits have successfully hacked into a personal device that a patient depends on. But that may soon change.
In fact, just last year Johnson & Johnson announced that an insulin pump that it made could be hacked, with potentially fatal results.
Similarly ominous were claims made by legendary New Zealand hacker Barnaby Jack, who in 2013 died of an apparent drug overdose the night before he was scheduled to demonstrate how to hack a pacemaker.
The federal government is trying to stay ahead of the hackers, with Congress creating the Healthcare Industry Cybersecurity Task Force in 2015 to explore ways to prevent harm to the government’s own expansive health care system as well as to provide guidance to the private health care industry.
"The medical device industry, I would say in the last two-and-a-half years or so, has gone from general understanding of the issue, general participation to extreme awareness and participation in cybersecurity efforts," Zach Rothstein, an official at the Advanced Medical Technology Association, tells The Hill.
The vulnerabilities arise from the fact that medical devices are increasingly internet-connected, allowing doctors to remotely make changes to the device’s operation without having to dig into the patient’s body.
Hints at how hackers might make money by targeting a pacemaker or an insulin pump can be seen through the recent spate of “ransomware” attacks on hospitals and other organizations overseeing sensitive information. In such cases, a virus demands a ransom in exchange for returning control of the system to its owner.
Last year Hollywood Presbyterian Medical Center in Los Angeles paid roughly $17,000 in bitcoin, a cyber-currency, to get a hacker to leave its system.
The ability to hack a medical device offers the terrifying prospect of criminals being able to hold somebody hostage by controlling a device their life depends on.
“The entire extortion landscape has changed,” Ed Cabrera, chief cybersecurity officer at Trend Micro, a threat research firm, told Wired recently. “You do get into this life or death situation potentially.”