Posted on June 30, 2017 at 1:35 PM
Hackers Targeting US Hospitals through Medical Devices
As days go by, cyber security experts and researchers are in a hurry to learn whatever they can about the new malware called Petya. This apparent ransomware has been spreading around since Tuesday when it started attacking the Ukraine. However, it quickly went to other countries as well, and that includes the US.
Some of the affected US computers include those in hospitals. Experts claim that not only computers but other medical devices are at risk as well and that this ransomware is only getting worse.
Another recent ransomware attack called WannaCry has damaged hundreds of thousands of computers. More importantly, it managed to shut down up to 65 UK hospitals. It even affected MRI’s and refrigerators as well. And last January, a hospital called Hollywood Presbyterian Hospital from LA had to pay $17,000 in order to get the hackers off of their computers.
Obviously, targeting hospitals and praying on the sick has become a new trend for hackers. Another threat is something seen only in TV shows, that has somehow become a reality. Hacking people’s pacemakers is today not only possible but actually quite probable as well.
In order to deal with the problem, DR. Jeff Tully and Dr. Christian Dameff from the University of Arizona Medical School in Phoenix organized an event which was supposed to simulate a hospital hacking attack.
Both of these doctors claim to be hackers, but they also claim that there are a lot of hackers out there who would use their skills to help, instead to hurt. These are called ‘white hat hackers’, and they are trying to do things like fixing the system’s vulnerabilities, or notifying the manufacturers of flawed devices, software companies, and alike.
They do this to protect people from ‘bad hackers’, which are the ones that are trying to blackmail, steal, or hurt in some other way.
Tully has stated that connecting pacemakers to the devices in one’s home can help with heart monitoring and that this is not something that people should turn away from because of hackers. That is why they are trying to make them safer and harder to hack.
Their experiment involved using three fake patients that they are going to attack via hacking, while the doctors and hospital staff are completely oblivious to the situation. Luckily, doctors made the right calls, and all of the patients would have been saved even if the real attack was in place.
One of the researchers from Norway, Dr. Marie Moe, has stated that she and her team discovered how to hack pacemakers. She buys them from eBay in order to practice on them, and since she herself has one, this threat is very real to her. A San Francisco hacker, Billy Rios, does the similar thing with medical devices such as insulin pumps. He said that controlling these pumps is not only possible, but quite easy at that, and all it takes is to connect to the network that the pumps use.
Such equipment can be controlled from very far away, which is what makes it so dangerous. And the fact that these systems are running on very old systems can only assist the average hacker. In fact, these systems are so old, that they don’t even receive patches anymore. And that is not the only problem.
Hospitals also don’t invest enough in the cyber security personnel, and the research shows that 85% of hospitals don’t have a single person who has the technical knowledge to protect the systems from hacking. So, when you use old systems on old equipment and you have nobody to help you protect them, you are basically inviting the hackers.
For now, hacking pacemakers and similar activities are still not practiced, at least as far as it is known. However, something like that could soon become a reality and an everyday threat, and it needs to be treated as such.