TekSec

My Scribbles on security and whatever strikes my fancy . . .

Hacked medical devices gaining traction

December 22, 2016 By teksquisite

No manufacturer, hospital, medical facility or consumer wants to experience the nightmare of hacked medical devices. If we don’t beef up the security game soon—the bad guys will be snacking on Kobe Filet while the rest of us choke down skirt steak. 

Medical devices

This year, Johnson & Johnson became the first medical device manufacturer to warn consumers about medical device vulnerabilities when the company disclosed that the Animas OneTouch Ping insulin pump could be hacked.

During the summer of 2013, the U.S. Food and Drug Administration (FDA) warned medical device makers and medical facilities to upgrade security protections against potential cybersecurity threats that could compromise the devices or patient privacy.

“Over the past year, we’ve become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” William Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, told Reuters. “Hundreds of medical devices have been affected, involving dozens of manufacturers . . . many were infected by malicious software, or malware.”

According to a recent study from researchers at KU Leuven, the University of Birmingham and two other institutions in Europe, Implantable Medical Devices (IMDs) and Implantable Cardioverter Defibrillators (ICDs) are vulnerable to denial-of-service attacks.

“Our work revealed serious protocol and implementation weaknesses on widely used ICDs, which lead to several active and passive software radio-based attacks that we were able to perform in our laboratory,” the researchers explained.

The researchers also discovered that proprietary protocols (where they had no prior knowledge or documentation) could potentially be reverse-engineered by a weak adversary without the adversary needing physical access to the devices.

Medical device attacks

According to this infographic on protecting healthcare IoT applications, 94 percent of healthcare organizations have been victims of a cyber-attack and 38 percent of patients would be wary of using a hospital associated with a hacked device. Key vulnerabilities include patient data theft, therapy manipulation and malware.

hacked medical devices infographic - Arxan

Arxan, a global leader of application attack-prevention for mobile and IoT, says “no platform is immune to threats.”

Threat vectors are constantly evolving and attacks at the application level are prevalent with increasing frequency, sophistication and severity.

Arxan’s Top Medical Device Application Risks:

  • Code Analysis: Malicious actors can examine the medical device application code, either statically (for example, as disassembled code) or dynamically (while the program is executing). Such analysis enables the adversary to understand how the internal algorithms work, discover sensitive information, and pinpoint vulnerabilities.
  • Intellectual Property (IP) Theft: Attacks on medical device applications can be designed to extract sensitive information and steal copyrighted material or proprietary algorithms.
  • Cryptographic Key Theft: Cryptographic keys are at the core of all security systems that deal with encrypted data. If hackers can locate keys in the code or medical device memory, they can completely circumvent or remove the security features and gain unauthorized access to the medical device.
  • Tampering: Adversaries can install malicious code or modify controls, causing the program to malfunction, jeopardizing patient safety and compromising sensitive data.
  • Malware Injection: Unprotected applications are exposed to malware insertion that can result in privacy breaches, performance loss, unauthorized remote control, and unintended medical device operation.

Michael Thelander of Iovation adds an important security think-bit (often overlooked) to the mix: “Manufacturers must build security measures into medical devices that include the software lifecycle.”

Beefing up medical device security in 2017 is critical, not purely for security reasons (though security should be at the top of the list), but also to ensure patient safety and privacy.
