When you picture hackers, what pops into your head? A common public perception is of a couple guys on computers wearing hooded sweatshirts and furiously typing away on their keyboards. As technology has advanced, though, so have hackers—and the list of gadgets they can break into has grown exponentially beyond your home computer.
Now we have the elusive “Internet of Things” (IoT) that in its most basic form, is machine-to-machine communication. It’s all those technology-based products with WiFi capabilities that make our lives better in many ways, but also open us up to a whole new world of cyber threats.
Among those cyber security dangers? Medical devices that people need to stay alive like pacemakers, insulin pumps, and implantable defibrillators.
Some medical devices have remote monitoring capabilities or wireless connectivity so that health professionals can adjust or monitor implanted devices without having to do invasive procedures all the time. These advances are amazing and positive, but medical device companies aren’t keeping up with the security side of these devices.
Researchers in Belgium and the U.K. conducted a study in which they examined the security of implantable cardioverter defibrillators. They found that by intercepting and reverse-engineering the signals exchanged between a heart pacemaker-defibrillator and its programmer, they could steal patient information, flatten the device’s battery, or send malicious messages to the pacemaker.
“The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy,” the researchers wrote.
In addition to the physical harm connected medical devices have the potential to inflict, there’s another side to these security vulnerabilities—they’re a way for hackers to get into hospital and other health care networks. Because these devices are connected to so many different sensors and monitors, there are different entry ports where hackers can get in and cause some serious damage. Among the most common and likely scenarios? The hackers either steal records with sensitive patient information for medical identity theft, or they install ransomware on a hospital’s network; ransomware holds the network “hostage” until the hospital pays to get free.
One current exploit is known as MedJack. With MedJack, hackers inject malware into medical devices so they can reach an entire connected network. This gives them the ability to steal information that can be used for all types of identity theft and even track active prescriptions that hackers can then order and sell on the dark web. And MedJack isn’t some elusive problem that’s only affecting a few hospitals—it’s a widespread issue.
“Every time we’ve gone into a healthcare facility to demonstrate our product we unfortunately find that they’re also a victim of the MedJack attacks,” said TrapX vice president of marketing Anthony James, in an interview with Wired. “Most of these facilities have no clue, because no one is monitoring their healthcare devices for the presence of an attacker. No one is thinking about a CT scanner or an MRI machine and seeing a Launchpad for a broader attack.”
Unfortunately, this type of cyber threat isn’t likely to disappear any time soon. Until medical device companies and healthcare organizations prioritize major security improvements, hackers will continue to find ways into our records—or our bodies—to steal information.
The cyber security landscape is always changing. When you trust IdentityForce to protect your personal information, though, you can rest assured that your identity is always in the right hands. Learn more about our identity theft protection services.