Cyber Headlines: Hacking Medical Devices

In the ever-changing landscape of cybersecurity, it’s hard to keep up sometimes. Luckily, we’re here to keep you in the loop with all the current white-hat, grey-hat and black-hat hacker news of the day. As I was traveling, Dennis Skarr stepped in solo with the latest news on hacking medical devices. Peep the video below and don’t forget to let us know what you think!

  • Hospitals are often targeted via ransomware attacks
  • This can be detrimental: hospitals need access to their data in order to function, and many medical devices connect to the hospital’s network, where tampering could threaten lives.
  • It’s very challenging for security researchers to make their products more secure.
  • In 2013, the Mayo Clinic invited security researchers to come in and “do their worst”. They did. The team didn’t have to dive very deep to find vulnerabilities in the system.
  • The Mayo Clinic then created new security requirements for medical device suppliers, requiring each device to be tested for security before the equipment is purchased.
  • One researcher, Billy Rios, wanted to continue his research. He bought an infusion pump off of eBay and discovered that it’s possible to virtually take over these machines remotely.
  • He filed a report listing the vulnerabilities and suggested further research into other devices’ vulnerabilities and how an exploit might affect patients.
  • After no response, Rios made a video showing how easy it is to do this hack. He then wrote out sample computer code for the FDA and Department of Homeland Security so they could test it themselves.
  • The FDA, ultimately, pushed out an advisory to stop using the infusion pump. This type of advisory was the first of its kind.
  • Rios teamed up with Terry McCorkle to continue researching these devices with hard-coded passwords. They found similar vulnerabilities in different devices from over 40 manufacturers.

 

Sources:

http://www.cbsnews.com/news/dick-cheneys-heart/

http://www.bloomberg.com/features/2015-hospital-hack/

http://www.theregister.co.uk/2016/03/31/legion_of_demons_found_in_ancient_auto_drug_dispensing_cabinets/

http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm456815.htm?source=govdelivery&utm_medium=email&utm_source=govdelivery

https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01B
