Hackers Could Kill Patients by Attacking Medical Devices

Some of these attacks can even happen remotely, where the attacker does not need to gain physical access to the device

According to a new report from the Royal Academy of Engineers, health technology and medical devices, such as pacemakers, heart pumps and MRI scanners, are vulnerable to cyber attacks, which could have ‘severe consequences’ for patient safety.

Amir Abramovitch, security researcher, Cy-OT, said: "We know that a lot of Internet of Things (IoT) devices are insecure, and healthcare devices are no exception. In the last couple of years we have seen multiple vulnerabilities published for a variety of medical IoT devices. The main problem is that the worst-case scenario here is not data theft or malware infection, but death. The scariest part is that some of these attacks can even happen remotely, where the attacker does not need to gain physical access to the device.

"The vulnerabilities span from simple vulnerabilities such as insecure storage of the Wi-Fi password and hard-coded secret credentials for remote maintenance, to more severe vulnerabilities such as communication interception (e.g. changing the dosage of a drug) and full-on denial-of-service (e.g. making the device stop functioning at all).

"This poses a threat, not only to corporate businesses, but to human life. The good news is that there are possible mitigations for these attacks, and they are quite easy to implement. The problem is that the companies making these devices do not understand the security implications of their poor design, and I hope they will learn it before it is too late."


Tags assigned to this article:
hackers Patients medical devices

Advertisement

Around The World