Pacemakers are Far more Vulnerable to Hacking Than What we Assume

WhiteScope, the security company, has revealed 8,000 bugs, which hackers could exploit in the pacemaker programmers - tools that are used for adjusting and monitoring the device itself - from 4 diverse manufacturers. Moreover, researchers said that they have also found that pacemakers don't authenticate programmers; and hence, any of the working tools that are listed on the eBay has ability of harming patients with implant.

Manufacturers were supposed of controlling distribution of programmers, although researchers themselves have got its test devices from auction website for as little as $500 to as much as $3000.

Additionally to those concerns, the team found that monitoring systems of doctor don't need the names of log-in as well as passwords while connecting to pacemakers. They also found the unencrypted data of patient that are stored in tools including names, phone numbers, SSNs and medical conditions.

Having unencrypted the data means that patient data like name, SSN (Social Security Number), address, name of the physician, as well as drug and medical information are available with the hacker. Although there were not any known instances of hackers deliberately harming the patients, Gizmodo pointed out that it is a matter of time only before it starts impacting several hospitals across the world, especially after recent ransomware attack, i.e. Wanna Cry. Digitaljournal.com posted on May 30th,
2017, stating that medical facilities of United States were attacked also, although numbers are yet not clear.

Lastly, Johnson & Johnson (J&J) informed the customers that the insulin pumps had fault, which can allow hacker in changing the insulin flow, thus probably giving customer a lethal insulin dose.

Another new study looking at all the medical instruments overall security has revealed that - only 17% of the manufacturers taken any type of measures for securing the instruments against hacking. The study revealed that "testing for security vulnerabilities occurs rarely. More than half of HDOs do not test medical devices (45%) or are not sure about occurrence of testing (8%)."

Although it does not hear about any incident which has led to death of a patient, it is still more ideal to make the cardiac instruments more secured as cyberattacks has become more elaborate, sophisticated and common.

» SPAMfighter News - 6/1/2017