Developing: Pakistani Plane Escorted by UK Fighter Jets — 2 Men Arrested
Doc Thompson’s 24-hour radio marathon, ‘#24forok,’ continues until 9 am ET — Listen Live!
Tech Experts Discuss How Rise in Medical Malware Could Lead to Fatal Consequences
Hacking of medical devices, like a pacemaker, and malware infecting systems used by healthcare physicians is being discussed from a security standpoint. (Photo: Shutterstock.com)
Computers and smartphones aren’t the only technology susceptible to malware. Experts are saying computerize medical equipment is being targeted through systems connected to the Internet as well — and the effect could have deadly consequences.
Technology Review reported Kevin Fu, a medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, saying that although no injuries as a result of computer viruses infecting medical equipment have been reported yet, they are beginning to hamper patient-monitoring equipment.
The National Institute of Standards and Technology Information Security & Privacy Advisory Board panel discussed the potential consequences this malware could have on patients, how it is getting into the system and what can be done about it.
An example of a malware compromised system provided by Mark Olson, chief information security officer at Beth Israel Deaconess Medical Center, is fetal monitors on women experiencing a high-risk pregnancy.
“It’s not unusual for those devices, for reasons we don’t fully understand, to become compromised to the point where they can’t record and track the data,” Olson said, according to Technology Review. “Fortunately, we have a fallback model because they are high-risk [patients]. They are in an IC unit—there’s someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction.”
Another issue is hacking of devices. Tech Crunch reported at a separate conference a demonstration that hacked into a pacemaker and subjected the patient to electric shock. Not only that, but a tech expert said it is possible to spread a virus through the system distributing the shocks to other nearby pacemaker users, which would result essentially in a “mass murder.”
Here’s more from Tech Crunch on that scenario:
At the BreakPoint security conference in Melbourne [Barnaby] Jack [from IOActive] demonstrated that he could reverse engineer a pacemaker to deliver fatal shocks from within 30 feet and rewrite the devices onboard software (firmware). The pacemaker also contained a “secret function” that could activate other cardiac devices within a 30 foot-plus vicinity.
“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD [implantable cardioverter-defibrillators] and then each would subsequently infect all others in range.”
Technology Review stated that hacking of medical devices was discussed at NIST as well, although no reported instances have occurred yet either.
But reporting of issues is a problem in an of itself. According to Technology Review, reporting is not required unless there is harm to a patient and medical centers may not see the point as there might not be a solution to the problem anyway. Panel participants discussed regulatory issues that prevents some from installing virus protection and making other updates to systems as well.
Read more details of what was discussed regarding medical malware in Technology Review’s full article here.
Featured image via Shutterstock.com.
(H/T: Gizmodo)
Benghazi, IRS, AP...What's next? Only TheBlaze TV offers the truth from Glenn Beck, Andrew Wilkow, and Real News from TheBlaze. Get instant access and a free trial here.
Comments (13)
Sign In To Post Comments! Sign In
Popular Stories
John McCain Lectures Tea Party Senator on How ‘Business’ Gets Done in Congress: ‘That’s What We’ve Been Doing for a Couple Hundred Years’ 591 Comments
Boy Scouts of America Vote to Allow Gay Members 520 Comments
Pope Francis’ Sermon Sparks Debate: ‘Even the Atheists’ Have Been Redeemed ‘With the Blood of Christ’ 497 Comments
Obama Doesn’t Return Marine’s Salute, Shakes Hand Instead — Is This a Protocol Misstep? 392 Comments
Piers Morgan Bans Dana Loesch From His Show Following Twitter Spat: ‘Show Some Bloody Respect’ 336 Comments
Faith
-
Game-Changing Bombshell? There’s a Major Twist in the Story About a High School Student’s Lesbian Relationship With a Minor
321 Comments
- Is the Boy Scouts’ Gay Amendment the ‘Beginning of the End’ for the Group? (Plus: Tell Us Where You Stand) 277 Comments
-
MSNBC Hosts Martin Bashir and Chris Hayes Claim London Machete Killers Aren’t Terrorists: ‘These Are Just Murderers’
151 Comments
-
Did You Catch the Possibly Policy-Changing Ft. Hood Reference in Obama’s Terror Speech?
Read More
-
Dem. Rep. Apologizes for Attending ‘Racist, Anti-Semitic and Homophobic’ Speech
Read More
Business
-
Have You Had Scotch at a NJ TGI Friday’s Lately? You Might Have Been Drinking Rubbing Alcohol
Read More
-
Venezuelan President Blames Toilet Paper Shortage on the Rich
Read More
-
This Terrible Chart Shows the Change in Food Stamp Participation Over the Last 10 Years
Read More
- Disney Makes Absolutely Mortifying Photoshop Mistake Read More
-
Trey Gowdy at It Again — This Time with a Jack Bauer Reference!
117 Comments
Technology
-
LOOK: Woman Claims to Have Photographed UFO in California
Read More
-
Lion Named ‘Bonedigger’ and Small Dog Make Most Unlikely Companions
Read More
-
Rocket Bike Sets Land Speed Record — and Uses a Fuel You Wouldn’t Expect
Read More
-
How 3D Printing Technology Created a Special Part for Baby’s Windpipe and Saved His Life
Read More
-
6 Fascinating Spy Gadgets You’ll Probably Want (and Can Have) After Seeing
Read More
Submitting your tip... please wait!
piper60
Posted on October 22, 2012 at 9:55amIf Iran can get the bomb, they can and will do this. Watch out.
Report this comment
ECtech
Posted on October 19, 2012 at 11:16pmRegarding the medical devices (pacemakers and the like):
They CAN be built so that the only way to change the firmware involves replacing a chip. They could even make the chip soldered in.
By chip – I’m referring to the EEPROMs, Which should be changed to EPROMs. The first is electronically erasable and reprogrammable, the second cannot be erased and reprogrammed – it is programmed only ONCE.
Report this comment
Meyvn1
Posted on October 19, 2012 at 12:40pmMedical computers should not be on the internet or accept portable devices. Same goes for military and energy infrastructure computers. Wise up.
Report this comment
Cataclysm
Posted on October 19, 2012 at 10:36amI work for a Medical Device manufacture, and I repair their equipment. Our newer systems we can install firewalls that will only allow our system to talk to a few other pieces of equipment. However it is not a full proof plan. Hospitals don’t always purchase them, but if they do it’s still not 100%.
I had one hospital that got a virus and it got into 82% of all windows machines including their servers, x-ray machines, cath lab equipment, cat scanners and MRIs. We had to format and reload software on dozens of machines at the cost of thousands of dollars to the hospital. Thankfully the virus didn’t stop the machines from being used but it very well could have, which could had cost lives.
Report this comment
RaydocX
Posted on October 19, 2012 at 1:02amthe big leap in survival was cardiac monitoring… the rest is sadly just tinkering for a few percent improvement in survival… from a mass casualty standpoint, while the towers were a PR coup, dropping a hospital would generate a horrific situation… especially if it is in a city with just the one hospital… look at the Joplin tornado… look at the Oklahoma building. Hospitals are soft targets with victims who cannot escape and guardians who are excoriated if they leave their charges (see Katrina’s aftermath).
Malware would affect a handful of people and is a nuisance, but i can already see the ads ‘have you or a loved one suffered a medical malware device failure and had injuries or death as a result? The manufacturer of all electronic devices implanted were aware of the risk and did nothing to protect you or your loved one. Call the law offices of Dewey, Screwem, and Howe…’ forget the mortality if the device hadn’t been used.
Not that device manufacterers are perfect, mind you… a battery and dedicated computer unit not so different from a speak and spell runs more than $1000? AEDs should be on the shelves at Walmart for $99.99 with LOTS of disclaimers to protect from the ambulance chasers, but THAT would save lives, malware be damned.
Report this comment
bobdiamond
Posted on October 19, 2012 at 5:16amYou hit on one of the major things which drives medical costs, litigation. Until we have meaningful tort reform, we will never get costs under control. Read political commentary at: http://smallcraftadvisorychronicles.blogspot.com/
Report this comment
loriann12
Posted on October 19, 2012 at 6:40amYou do know the definition of a catastrophe? When you have more dead than you have morgue slabs. If you took out a hospital, you’d have NO morgue slabs. that’s why when there’s a major catrosphe, like an interstate pile up, with mass cassualties, they send the victims to multiple hospitals, so as not to strain one.
Report this comment
Elena2010
Posted on October 19, 2012 at 12:31amWhat kind of a warped individual would even think abt doing something like this?
Report this comment
Snowleopard {gallery of cat folks}
Posted on October 19, 2012 at 2:40amSomeone who might wish to cause terror and fear in and of the medical health system.
Consider – How long would it take if people started dying from what appeared to be normal heart failure/strokes/etc to discover it was a virus in their heart devices that actually inflicted the damage?
Once it became known and accepted among medical and law authorities, the ones responsible for the virus announce it to the world news services, with proof of their actions.
What kind of fear and panic would that transmit to people and their families who depend on such devices?
What would the Federal and State governments do legislatively to ‘change things for the better’ with new laws, restrictions and more loss of our freedoms?
How many people would trust the medical system again, especially say, after vaccines or such turned out to be contaminated (accidental or deliberate)?
Remember, a terrorist of any bent, seeks to change a society for the worst, by causing the MOST VISIBLE damage possible, even if the physical losses are minimal. It is the ultimate in PsyOps to be conducted.
Consider the Anthrax letters and the Beltway Sniper matters for a simple idea of what could happen.
Report this comment
right-wing-waco
Posted on October 18, 2012 at 11:51pmI still think hackers that interfere with someone elses property should be punished severely. 10 years in prison or maybe (enter your ideas here)
Report this comment
Salamander
Posted on October 19, 2012 at 12:13amYeah, especially if that property is their pacemaker!
Report this comment
CatB
Posted on October 19, 2012 at 2:09amJust take them out and shoot or hang them — and put it live online .
Report this comment
Meyvn1
Posted on October 22, 2012 at 9:05amPeople can hose up these systems by accident also. Then what. Wisdom would be to not have them connected or accept portable devices. Stuff happens, be it intentionally or inadvertently.
Report this comment