When we talk about the "internet of things," the first thought most people have is a Google-equipped fridge or a "smart toaster." In reality, most internet-enabled devices serve a practical purpose such as implantable medical equipment. These devices that live in our bodies can relay vital health data to our doctors over the internet, as well as keep us and our loved ones safe during an emergency.
Like with all devices connected to the internet, however, security threats still loom large. A new study by the Department of Homeland Security found a critical vulnerability in a common health-care device that thousands of people depend on each day.
It may sound like something out of science fiction, but hackers that can attack your body are quickly becoming a scary reality.
How hackers can attack medical devices
Hackers have been targeting medical technology for a long time now - and for good reason. Medical equipment and databases offer a wealth of private information into the lives of ordinary people that malicious actors can exploit for personal gain. Data security risks are present on any device that connects to the internet, but a host of flaws and holes found in a range of ICDs (implantable cardioverter defibrillators) bring these risks far too close for comfort.
ICDs protect the patient after being implanted near their hearts inside the body. The device's on-board computer keeps track of heart rate and performance while relaying this data wirelessly to an internet connected device. When heart rhythm is abnormal, the device emits small electric shocks to prevent cardiac arrest or other significant heart trouble. Thousands of Americans depend on ICDs to live healthy, fulfilling lives and engage in physical activities that they could not perform otherwise.
Because of this sensitivity, the Department of Homeland Security has posted a medical advisory warning of security vulnerabilities in a range of defibrillator products made by the company Medtronic. These devices have wireless antennas that don't encrypt their data when broadcasting, allowing would-be hackers to easily latch on to, listen to, or inject custom code into the ICD with a wireless device of their own. This could lead to dangerous on-board settings changes that could leak private medical data or, worst of all, put the life of the patient at risk.
How device makers are fighting back against hackers
Thankfully, Medtronic reassured patients by announcing that "To date, no cyber attack, privacy breach, or patient harm has been observed or associated with these issues.” The security flaws were noticed preemptively by security researchers in order to minimize or prevent any potential damage.
Many companies and organizations rely on these security researchers (sometimes called "white hat hackers") who use their knowledge and skills to poke holes in systems and find the weakest points. Armed with that information, companies can release security fixes and potentially head-off the next big data breach or worse.
As for Medtronic's ICDs, the affected units span a range of about 20 different products, with security updates expected in the later part of 2019. Medtronic and the government continue to recommend that patients use their devices as prescribed, but follow some basic data safety steps to protect themselves as much as possible.
These steps include only allowing yourself or your doctor and their staff to handle your devices, never using third-party devices and accessories, and avoiding unsecured outlets such as USB ports.
Get Komando security alerts
As hackers continue to sharpen their game, you can protect yourself by staying informed with the latest cybersecurity news and alerts on my Komando newsletter. Subscribers get frequent updates on new data breaches, security tips and tricks, and trusted device recommendations for a safer digital lifestyle.
Medical device hacking and the vulnerability of connected medical devices
Hacked medical devices are quickly becoming a top security threat. From pacemakers to hospital equipment, anything that connects wirelessly can be compromised. In this episode of Komando on Demand, Kim looks into the myths and realities of medical device hacking and security. Kim talks to Christian Espinosa, a cybersecurity professor at Maryville University and CEO of Alpine Security, about medical device security and what's being done to make devices and hospitals more secure. Tap or click to listen to this podcast on your way to work.