As it turns out, you can hack a pacemaker. The US FDA warned consumers in January of this year that these devices and some others may be vulnerable to remote hacking, but noted that the dangers pertained to a few specific brands. However, according to security firm WhiteScope, this could actually be true for a greater number of implantable and embedded cardiac device brands than previously reported. The threat may also extend to other implantable medical equipment widely used in the American market, including insulin pumps and blood sugar monitors.
In their new study, Security Evaluation of the Implantable Cardiac Device Ecosystem Architecture and Implementation Interdependencies, WhiteScope focused on pacemakers and defibrillators, as well as the tools and systems that are used to adjust, monitor, and maintain them. When it comes to pacemaker systems, Whitescope identified approximately 8,000 bugs that hackers can potentially exploit in medical devices from four different manufacturers. Additionally, radio frequency-enabled pacemaker programmers don’t require authentication when connected to the devices, meaning that they are vulnerable to remote access and tampering. The study also notes that the availability of pacemakers, programmers, device monitors, and other medical equipment on online platforms such as eBay makes it very easy for anyone to get their hands on these devices; researchers found key weaknesses in devices purchased from these platforms that could allow someone to remotely adjust their performance or even stop them entirely.
In the light of these vulnerabilities and the aftermath of the WannaCry ransomware attack, which lists many hospitals and healthcare services in the US amongst its victims, there are a few major steps that American medical device companies are expected to take to protect patients and make their products more secure:
1. Provide more frequent updates for systems and programmers: Software updates will need to become more frequent and efficient in order to properly address bugs, vulnerabilities, and operational issues.
2. Require authentication and increase device security: Monitoring systems across the board—even those for doctors—are likely to require passwords or authentication protocol before they are allowed to connect with a patient’s medical equipment.
3. Implement stricter controls on programmers’ distribution: The availability of pacemakers and other implantable devices on e-commerce websites may decrease significantly as manufacturers put tighter controls on distribution, sales, and general accessibility.
Though to date there haven’t been any reported malicious medical device hacks, but an increase in cybercrime and wide-scale attacks such as WannaCry is encouraging players in the industry to substantially strengthen their security measures. Steps towards improved security of patient data and well-being will also increase consumer trust and loyalty towards these devices and brands.
Thousands of US’s leading medical equipment companies can be in your contact list if you register to join BizVibe today. Whether you are looking for reliable suppliers, top textile manufacturers, wholesalers and potential customers in over 70 major countries, or finding out what your competitors are buying and which suppliers they’re using, BizVibe can help you reach out to sales prospects and decision-makers in the textile industry across the globe.