Hacked medical devices are emerging as a disturbing trend. Major companies such as Johnson & Johnson dealt with security issues in their insulin pumps. St. Jude also dealt with a serious breach that impacted pacemakers, defibrillators, and other medical equipment. Hackers are starting to find loopholes in security for embedded devices. Protecting medical instruments has become important. There is a duty to protect patients, so that hackers cannot damage an insulin pump and potentially kill someone. Medical devices are connected to sensors and monitors, which may make them entry points to larger hospital networks. There is a high risk involving the theft of sensitive medical records or a spyware attack that allows important systems to be held up until administrators pay a fee.
Hacked Medical Devices
Implanted medical devices are so personal because they are inside your body. Some of these medical devices have features such as wireless connectivity and remote monitoring, which allow doctors to improve these devices if needed. However, these devices also create points of exposure. While the spread of medical care gadgets does create exposure, it also causes potential danger to the healthcare industry. There are a lot of easy targets. Because these devices are so publicly exposed, hackers are able to target them. Many healthcare systems are using outdated software, which leaves them vulnerable to attacks.
The diversity of IoT devices makes them susceptible to compromise. One popular exploit is MedJack, as attackers spread malware into medical devices to then spread them out across a network. MedJack can cause identity theft or tax fraud, and may even be used to track drug prescriptions which allow hackers to order medicine online and sell it through the dark market.
MedJack continues to evolve, making it even more dangerous. MedJack used their technology to put fraudulent medical devices on different hospital networks. MedJack specifically attacked devices that were using outdated software. As the hackers begin to establish themselves, they launched assaults on many different networks. Hackers are using a ransomware attack to target large hospitals and receive a payout. Recently, ransomware attacks are disrupting access to different systems and then asking for a ransom in exchange for releasing the services. Hospitals are then tasked with trying not to lose money, as well as important resources that patients depend on.
How To Fix This Problem
Different medical devices such as clocks that have spent a large amount of time on the market need defenses. These devices lack security planning and software for downloading updates. There is also a need for incentives for the next generation of devices to have tougher security protections. Most devices do not place a high priority on security in the initial stages, choosing to rely on third party components. The Food and Drug Administration is boosting its efforts to deal with cyber security. NIST is also working on developing more secure digital systems. The FDA uses actionable authority. They have delayed and blocked different medical devices from entering the market if they are not adhering to the cyber security standards. The FDA has seen growth in cyber security protection through new products that are being reviewed. Because devices can take years to develop, The FDA is not surprised that it is taking time to see significant results.
Despite these new measures, it has become clear that securing existing devices while developing ways to protect future ones will continue to be a lengthy process. Regardless, the entire healthcare industry and its patients remain on high alert.
Learn more about Medical Device News.