It sounds like the stuff of action movies – you’re a ticking time bomb, with cyber terrorists gaining control of your pacemaker and holding your heart to ransom. Unfortunately, it seems this might not just be in the realm of fantasy.
According to a new report by Forrester, the biggest cyber security threat of 2016 is hackers hijacking our medical devices. Holding people’s pacemakers and insulin pumps to ransom could make hackers rich, and put millions of lives at risk.
Medical devices are no longer static – pacemakers, insulin pumps, surgical robots and MRI scanners are networked and online, making them part of the Internet of Things. This has great benefits and supports the move to personalised medicine that puts the patient in control.
However, it also opens the doors to opportunistic hackers. In the new report, Forrester predicts that hackers will release ransomware for medical devices in 2016. Ransomware is malicious software that lets an attacker take control of a device and hold it until the victim pays a ransom.
Thanks to modern medical technology, 3 million people around the world have a pacemaker; ransomware could put these people at risk. It’s possible for someone to take control of a pacemaker or order a networked infusion pump to deliver an overdose of medication to a patient lying in hospital.
In June, the FDA recommended that healthcare institutions stop using the Symbiq Infusion System due to “cybersecurity vulnerabilities.” Worryingly, it seems many such devices are not secure. Stephanie Balaouras, an analyst from Forrester, told NBC News:
“When it comes to preparedness, they’re woefully behind and that, to me, is the most concerning thing.”
In late 2013, the Mayo Clinic – one of the most prestigious medical institutions in the US – decided to test its own security by bringing in world-class hackers, including “white hat” hacker Billy Rios, to mess with its devices. He was surprised to see how easy it was to breach the hospital’s security. He told Bloomberg Business:
“Every day, it was like every device on the menu got crushed. It was all bad. Really, really bad.”
Unlike with computers, we can’t install our own security software on our medical devices. Essentially, this means our fate is in the hands of the manufacturers. Now that the warning is out there, hopefully medical device companies will come up with better security measures before the hackers develop ransomware that could hold us hostage in our own bodies.