Science

Pacemakers are extremely vulnerable against cyber-attacks, according to reports

27 May 2017 | By Anish Chakraborty
Pacemakers are "buggy" and lack security, say studies

Pacemakers, insulin pumps and other devices in hospitals, according to recent studies, most of the times have security problems making them vulnerable to cyber-attacks.

One study done solely on pacemakers found more than 8,000 known flaws in the code of cardiac devices, while the other cited only 17% manufacturers of such hospital devices take measures to secure these gadgets.

Here's all about it.

In context: Pacemakers are "buggy" and lack security, say studies

27 May 2017Pacemakers are extremely vulnerable against cyber-attacks, according to reports

BugThe first study shows lack of proper encryption

Researchers Billy Rios and Dr. Jonathan Butts, after looking into a wide range of pacemakers produced by four different manufacturers and the "ecosystem" of other machines used to manage them, found that manufacturers face "serious challenges" in keeping these devices free from bugs.

The report also pointed out that only a few of them were encrypted or protected otherwise.

Love Tech news?
Stay updated with the latest happenings.
Users are not attentive

DeviceUsers are not attentive

Users also don't pay much attention to the security of the pacemakers that are being placed into their bodies. None of the studied pacemakers were protected with even the basic login credentials and passwords, nor did the patients check if the device was authentic before connecting.

The small size and low computer power make it difficult for manufacturers to put the safety measures.

ProtectionThe risks are considerably high

The research concluded that device makers have a long way to go in terms of protecting the pacemakers "against potential system compromises that may have implications for patient care."

The report, consisting of all the hiccups that the researchers uncovered through the study, has been given to the US Department of Homeland Security, which oversees companies that make medical devices, said Rios.

AttackThe second study reflects on the lack of know-how

The other study conducted by Ponemon Institute, LLC, questioned several manufacturers, hospitals and health organizations about the equipment they use in treating patients and reported that 80% of them said that devices were hard to secure.

The study showed a lack of knowledge among creators about how to write a secure code and that the devices were vulnerable to attack.

SecurityCritical flaws in the system

The Ponemon Instituon, LLC study found out that only 9% device makers and 5% health organizations tested their equipments annually to detect potential security vulnerabilities. And only 17% manufacturers took steps to secure the devices.

It also noted that a staggering 49% of the manufacturers do not use the advice on how to secure their products, given by US Food and Drug Administration.

Love Tech news?
Stay updated with the latest happenings.

ProblemThis is a life or death issue

Following the notorious WannaCry cyber-attack, it was unveiled that medical devices are incredibly challenging to be provided with adequate security and are easily hackable.

"The security of medical devices is truly a life or death issue," said Dr Larry Ponemon, co-author of the study. "It is urgent that the medical device industry makes the security of its devices a high priority," he added.

Hackers"Anyone can do this"

For a hacker creeping into a patient's medical device, such as a pacemaker, is as easy as running a Google search; only here instead of Google, hackers use a tool named Shodan for searching medical devices with flaws which they can potentially hack.

Healthcare IT consulting firm, CynergisTek CEO Mac McMillan said, "None of this is rocket science. Pretty much anybody can do this."