Popular Articles
Today Week Month Year


Life threatening risk: Hackers can take over defibrillators, rewrite commands with disastrous consequences – DHS warning
By Vicki Batts // Aug 01, 2019

The Department of Homeland Security is warning against a critical flaw in Medtronic defibrillators which can be hacked by malicious actors. If a hacker were to exploit this flaw, they could gain control of the machine and rewrite commands -- actions which could have fatal consequences. At the time of this reporting, there have been no documented incidents involving patients harmed by hacked devices. Medtronic is currently working on a fix for the bug in their defibrillators, but in the meantime, some 750,000 of their devices are impacted by the flaw.

Brighteon.TV

When you hear the word "defibrillator," you may think of the automated external defibrillator (AED), which a healthcare professional may use during the instance of sudden cardiac arrest. But there are other types of defibrillators, such as implantable or wearable cardioverter-defibrillators. These devices are attached to the patient in some capacity and are used to prevent sudden death in people with life-threatening arrythmias.

Medtronic produces implantable defibrillators -- which means that the gaping security flaw in their devices puts many thousands of patients' lives at risk.

Medtronic defibrillators vulnerable to hacking

As Daily Mail reports, security researchers from the Clever Security firm discovered the vulnerability in Medtronic implantable defibrillators earlier this year. Flaws in how they communicate with the radios doctors use to track and adjust the devices after implantation could be exploited by hackers. Specifically, the Conexus communications protocol used by Medtronic is not encrypted and does not require user authentication -- two big missteps in the world of cybersecurity.

If these vulnerabilities were to be exploited, attackers could interrupt communications and change information on the device -- potentially weaponizing the defibrillator and harming the patient. In addition to interfering with device functionality, attackers could gain access to any sensitive information stored on it.

DHS has given this threat a rating of 9.3 out of 10, noting that it requires "low skill to exploit." However, a malicious actor would have to be in close proximity to the patient in order to carry out their attack.

As Threatpost reports, 20 different products made by Medtronic are affected by these flaws -- and an estimated total of 750,000 devices may be vulnerable.

A Medtronic spokesperson told Threatpost that the company is "conducting security checks to look for unauthorized or unusual activity that could be related to these issues." The company reports that there have been no attacks on vulnerable devices so far, and that there will be a series of software updates to resolve these security issues. The spokesperson told Threatpost that the first update will come in late 2019, pending regulatory approval.

However, there is still a greater problem at hand: Many medical devices are vulnerable to being attacked and exploited.

Many medical devices at risk

Cybersecurity experts have been warning about potential vulnerabilities in medical devices for quite some time. In 2018, CBS News reported that the federal government was investigating potential risks in devices such as pacemakers, insulin pumps and defibrillators.

At the time, government agencies said there were no reported incidents of medical devices being hacked and used to harm patients -- but a pair of cybersecurity experts contends that the threat of exploitation is imminent. Security researchers Billy Rios and Johnathan Butts said they were able to hack every device they examined. And as the Medtronic flaws show, in many cases, you don't need much skill to exploit the flaws seen in medical devices.

Many devices that are used to keep people alive -- from drug infusion pumps to pacemakers -- can be easily infiltrated. While data breaches can be devastating, hacking a medical device could kill a targeted patient.

It is no wonder security experts are now calling on medical device makers to take the security of their devices more seriously.

Learn more about hacking and cybersecurity at Glitch.news.

Sources for this article include:

DailyMail.co.uk

Threatpost.com

CBSNews.com



Take Action:
Support NewsTarget by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NewsTarget.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.

NewsTarget.com © 2022 All Rights Reserved. All content posted on this site is commentary or opinion and is protected under Free Speech. NewsTarget.com is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. NewsTarget.com assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published on this site. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
News Target uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.