If you've spent any time in a hospital, you know you're putting your life in the hands of trained professionals. Nurses, for instance, spend years learning how to care for you, and doctors spend more than a decade perfecting their skills.
All that time and effort is to ensure that, when you're most vulnerable, these medical professionals can give you the best possible care. So, imagine how frightening it would be to be ill and put your life into the hands of Russian hackers.
That sounds like a terrible movie plot. But, sadly, it's a reality. We've been telling you that hospitals and all that lifesaving medical equipment they use, like pacemakers for your heart and blood gas analyzers (BPA), are vulnerable to hacker attacks. But, even we couldn't guess how bad it really is.
Hospitals and their network-connected devices are so poorly protected that, in July, the Food and Drug Administration issued its first-ever cybersecurity advisory about a medical device.
Specifically, the Hospira Symbiq infusion pump, because it's vulnerable to unauthorized users controlling the device. In other words, hacking it. It's "precedent setting," according to the FDA's Center for Devices and Radiological Health.
The warning came more than a year after a cybersecurity researcher began warning the Department of Homeland Security and the FDA that the devices, and many other medical devices, can be remotely taken over by hackers. In fact, the man who issued the warning at one point was hired by the Mayo Clinic to search for cybersecurity vulnerabilities in its systems.
He and other hackers tested MRI machines, ventilators, ultrasound equipment and other devices. They found so many vulnerabilities that they couldn't even document them all. Mayo Clinic took action for its facilities. But what about other devices, and other hospitals?
There isn't much good news here. In fact, just last month, we told you that cybersecurity researchers found vulnerabilities in 68,000 medical devices.
Over the summer, the auditing firm KPMG found that 81% of IT professionals in the medical industry say their systems had been compromised within the past two years. You can guess what hackers are trying to access: your medical records.
Last year, the cybersecurity company TrapX Security tracked medical devices in 60 hospitals. It found that every single hospital in its study had equipment that was infected with malware. In fact, it observed hacks that originated in Europe in which hackers tried to steal medical records by hacking vulnerable devices, notably BGAs.
These cybersecurity experts also found the ransomware bug Citadel. Ransomware is scary, no matter when it happens, because hackers demand money in exchange for giving you access to your own computer, or medical records.
This is frightening. So, what can you do about it? Call your state representative and tell them you want the FDA to know that you're concerned about hackers stealing your medical records.