Ransomware Could Target Medical Devices

Medical devices may not be ever-present in headlines, but that does not mean there are no new developments in the field. Rather, in recent years the devices have become incredibly hi-tech. Always adopting the newest technologies, medical devices are likely to be internet-connected soon. With an internet-enabled pacemaker, a doctor should be able to receive data from sensors, tinker with settings and adjust instructions according to the patient’s evolving medical needs. This will allow for more personalised, speedier, better treatments. This convenience, however, comes with risks.

Security, sadly, has not been at the forefront of design processes for medical devices. While some other systems are designed to be attack-resistant, for medical devices reliability is key, with all other considerations taking a distant second place. When the internet finally arrives at these devices, if security is not addressed properly, the risks to lives could be disastrous.

A “Predictions 2016: Cybersecurity Swings To Prevention” report by leading technology and market researchers, Forrester Research, warns that medical devices could pose an attractive target for ransomware – a particularly pernicious set of malware applications that demand payment to not disrupt proper operation of digital devices.

“It’s definitely feasible from a technical standpoint,” says medical device security researcher Billy Rios. “I could see it as something that could happen next year. All that would be required from an attacker standpoint is small modifications to the malware to make it work.”

Rios and colleagues have identified 300 medical devices with severe security flaws, such as hard-coded passwords. This could be a boon for malicious attackers. Ransomware is already a giant, secretive and illegal market, with vendors of software and services operating on the dark web. It is only expected to grow larger.

To prevent our health, and potentially our lives, from being taken hostage, designers and manufacturers must make security the highest priority. These devices are still shielded from the wider internet, but we must be prepared by the time they reach the stage of connectivity.