465K Pacemakers, Syringe Infusion Pumps Vulnerable to Hacking
The U.S. Food and Drug Administration (FDA) recently issued an advisory amid reports of security flaws identified in 465,000 implantable cardiac pacemakers. These devices, which utilize radio frequency (RF) for communications, were recalled for a firmware update that patches the vulnerabilities.
According to the U.S.’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the vulnerabilities identified “may allow a nearby attacker to gain unauthorized access to a pacemaker and issue commands, change settings, or otherwise interfere with the intended function of the pacemaker.” The flaws involve compromising or bypassing the pacemaker’s authentication algorithm, unrestricted RF commands that can be issued, and unencrypted patient information transmitted to programmers and home monitoring units. The flaws could change pace settings and deplete the device’s battery, for instance.
Similar incidents are likely to become more common as medical devices become more connected. On September 7, ICS-CERT issued a similar advisory, and this time the vulnerabilities affected a wireless syringe infusion pumps that are used worldwide, especially in acute care settings (i.e., neonatal and pediatric intensive care). When successfully exploited, the flaws can enable “a remote attacker to gain unauthorized access and impact the intended operation of the pump.” The vulnerabilities entail buffer overflows, hardcoded credentials for establishing wireless connections, and improper certificate validation and access control.
Healthcare organizations increasingly rely on online platforms to provide care and perform critical operations. But bad guys are doing the same, exploiting security gaps in these platforms and turning them into cash cows. A recent hacking attempt in Albany, New York further illustrated the risks when the Schuyler County’s 911 emergency system was disrupted. The intrusions reportedly kept trying various passwords until it accessed their system—which resembles brute-force logins and dictionary attacks. If compromised, the network could’ve been the hackers’ doorway to sensitive, mission-critical, and personally identifiable data.
Indeed, keeping intruders at bay has become a significant facet of a healthcare organization’s bottom line. In the first half of 2017, for instance, hacking (and malware attacks) were major causes of externally reported data breaches in the U.S. Non-profit Privacy Rights Clearinghouse has already recorded 195 incidents of data breaches from January to August 2017.
As such, healthcare organizations should proactively integrate multilayered countermeasures against cyberattacks that threaten the privacy and security of the data and medical devices. Organizations also need to proactively gauge their impact, and employ the response and remediation strategies needed for them.
Apart from the firmware update that they released, the pacemaker’s manufacturer is also communicating with the relevant authorities, global regulators and security experts to “strengthen protections against unauthorized access to its devices.” The wireless syringe infusion pump’s manufacturer is doing the same and currently working on rolling out a security update. ICS-CERT recommends monitoring and logging network traffic as well deploying network segmentation and data categorization to mitigate risks.
Trend Micro Solutions
Trend Micro’s suite of products for healthcare organizations, powered by XGen™ security, can help improve security while meeting compliance needs, preventing exploits on medical devices and legacy platforms, as well as identifying advanced malware and suspicious network activity. Trend Micro’s Network Defense and Hybrid Cloud Security, which features Trend Micro Deep Security™, help uncover and block targeted attacks and advanced threats from spreading within the network. Trend Micro’s Smart Protection Suites has an Integrated Data Loss Prevention (DLP) capability that can quickly and easily manage sensitive information and prevent data loss via endpoints, SaaS applications, messaging, cloud storages, and web gateways.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases