TMCnet News
Medical devices at potential risk to cyberattack(City A.M. (UK) Via Acquire Media NewsEdge) A PACEMAKER designed to send life-saving electrical pulses to your heart and provide your doctor with vital information about your health can also unfortunately be a target of a sinister cyber-attack. Medical devices that use a wireless connection such as pacemakers, defibrillators, monitors and insulin pumps, as well as automated drug distribution systems that are implanted in the bodies have all been considered to be at risk. Gunter Ollmann, CTO for IOActive, says: "The medical industry is not a thought leader of information security - it is still largely playing catch up. When I look at implanted medical technology, it is pretty scary stuff. Many of these technologies have been around for over 20 years, but have always had connecting cables leading from outside the body. What has happened in the last five years is there has been the removal of those physical connections and a shift to wireless communication. "The problem is you have very skilled and talented medical engineers developing these technologies. But they are now relying on software technologies being added onto their existing hardware and they do not have the 10 or 20 years of software experience to counter many of the security threats today." "These devices are capable of being updated remotely. Not just being able to send information back about their operations and the use of the device back to the doctor, but allow the doctor to tweak certain settings. "This includes dosage amount as well as the ability to update the software itself. It is just like patching and adding additional functionality improving the performance of the devices as you would expect to do for any hardware-based technology." But Ollmann reckons that the threat of someone going out of the way to maliciously hack a medical device is small. He says: "It requires effort, a level of technical prowess and access to classes of technology. The bigger risk is researchers or hardware hackers experimenting with related technologies that happened to be in range of your device. Not targeting with malicious intent, just a situation of being in the wrong place at the wrong time." (c) 2014 City A.M. |