Can Hacked Medical Devices Kill You?
In the ever-changing era of technology, with new and innovative devices being released daily catering to our needs or solving our problems, we didn’t even know existed. With the explosion of growth in technology and its influence on our lives, we have become increasingly dependent on it. The medical industry is the first to adapt to various technological advancements made available to help better care for their patients. For example, with the improvements across multiple monitoring devices made available to the medical industry, hospitals can better monitor their patient’s vitals at all times instead of periodically checking their vitals manually or making an educated guess. This helps medical professionals make better-informed decisions and also monitor multiple patients at the same time.
With such a widespread and vital role of medical technologies, medical professionals expect and trust them to provide accurate information based on which life-changing decisions are made. However, while device vendors go to great lengths to ensure that their devices measure the vitals accurately and various government agencies ensure that the quality standards are strictly followed, there is a surprising lack of effort to ensure that the vitals displayed are not tampered with. This problem is further compounded because more and more of these devices are connected to the hospital networks to monitor the vitals remotely.
McAfee researchers in the year 2018 announced at the Defcon hacker event that they were able to hack into a medical network and falsify a patient’s vital signs that to in real-time. Exposing such critical vulnerabilities present inside medical devices, they once again proved that hackers could do a lot more damage than just financial harm or loss of data which in itself is scary enough but can compromise security in such critical life-or-death scenarios as well.
The researchers were able to modify the data sent in real-time, switching the display and showing the heartbeat from 80 pulses to zero pulses in a matter of seconds, making it look like the patient was experiencing a heart attack. Typically, doctors would have immediately started using Electrical cardioversion or a defibrillator to restart your heart during such a scenario. Still, as the patient was not experiencing a heart attack, such an action would have caused much damage or maybe even death.
The researchers were able to do so by exploiting the lack of proper authentication, allowing them to introduce a rogue device onto the hospital network that started mimicking the patient’s monitor allowing them to falsify the patient’s vital information creating a deception of a patient suffering a heart attack.
Both device vendors and hospitals need to take proactive steps to ensure such vulnerabilities are not present inside their networks. For example, vendors need to start at least encrypting their network traffic and adding authentication mechanisms that will help drastically reduce the risk. In contrast, hospitals need to ensure that their staff is well aware of such threats and appropriate cybersecurity policies are followed to minimize such risks.
To Know More visit us
Sources:
A Model Hospital Where the Devices Get Hacked — on Purpose | WIRED
Cybersecurity researchers hack patient monitor data stream, falsify vital signs | FierceHealthcare
80 to 0 in Under 5 Seconds: Falsifying a Medical Patient’s Vitals | McAfee Blogs
McAfee researchers falsify a patient’s vital signs in real-time | VentureBeat
