CyberthreatsFDA warns about vulnerability of medical devices to hacking
The Food and Drug Administration (FDA) has warned manufactures of medical devices implanted into the human body, such as pacemakers and insulin pumps, to step up their cybersecurity efforts. The agency said it has discovered “cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations.”
The Food and Drug Administration (FDA) has warned manufactures of medical devices implanted into the human body, such as pacemakers and insulin pumps, to step up their cybersecurity efforts. The agency said it has discovered “cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations.”
The New York Daily News notes that U.S. regulators and cybersecurity experts said the threat of someone hacking and disrupting these systems is a real and increasing. Officials say an incident in which a hacker has accessed these systems has not happened yet, but at the same time there has been no serious research into whether hackers are considering such attacks.
“The good news is that we are not aware of any incidents in the real world. But the bad news there is no science behind looking for it,” Kevin Fu, a University of Michigan professor of computer science specializing in health security told the Daily News.
“It takes just a blink of the eye for malware to get in.”
The TV show “Homeland” depicts the vice president of the United States being assassinated when hackers break into his pacemaker and give him a fatal electrical shock.
Barnaby Jack, who works for the security firm IOActive, said the “Homeland” scenario was “fairly realistic,” and that he would demonstrate a similar attack at an upcoming hacker gathering.
“In ‘Homeland,’ they required a serial number, my demonstration doesn’t,” Jack told the Daily News.
Fu was among the authors of a report in 2008 that focused on the risks of devices such as defibrillators, which could be reprogrammed by hackers to deliver a fatal shock, or shut down without the owner knowing.
“My opinion is that the greater risk is from malware that accidentally gets into a device rather than the attacks in fictionalized programs,” Fu said.
“Malware will often slow down a computer, and when you slow down a medical device it no longer gives the integrity needed to perform as it should.” Fu added.
According to Jack, implantable medical devices such as pacemakers and defibrillators from a major manufacturer have been “particularly vulnerable” to get into and that he can do it from a range of thirty to fifty feet.