Header Ads

Medical Devices are also vulnerable to life threatening hacks

Yes you heard it right, Nearly 465,000 vulnerable pacemaker devices have been implanted in patients in the US. Hackers could use “commercially available” equipment to change the devices’ programming. The Food and Drug Administraion (FDA) in US has discovered a flaw a loophole in programming code which can allow hackers to control the pacing or deplete batteries.The affected pacemakers are made by St. Jude Medical, which was acquired by Abbott in January. 

In the U.S., the pacemaker devices to which the firmware update applies include Accent SR RF, Accent MRI, Assurity, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, and Quadra Allure MP RF.Outside of the U.S., the pacemaker devices to which this update applies include Accent SR RF, Accent ST, Accent MRI, Accent ST MRI, Assurity, Assurity +, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, Quadra Allure MP RF, Quadra Allure, and Quadra Allure MP. So patients with these implanted, vulnerable device must visit their healthcare provider to receive a firmware update—something that would take just 3 minutes or so to complete that can fix the vulnerabilities and you are safe from these risks.
The models which are manufactured from next week of August 28th will have the update 

A depth view on vulnerablity
All of the programmers examined by the security firm had outdated software with known vulnerabilities, many of which run Windows XP.
What's even more frightening? Researchers discovered that the Pacemaker devices do not authenticate these programmers, which means anyone who gets their hands on an external monitoring device could potentially harm heart patients with an implanted pacemaker that could harm or kill them.

Another troubling discovery by researchers is with the distribution of pacemaker programmers.
Although the distribution of pacemaker programmers is supposed to be carefully controlled by the manufacturers of pacemaker devices, the researchers bought all of the equipment they tested on eBay.
Yeah the equipment which is used to connect to pacemaker are sold on eBay.
What's more? In some cases, researchers discovered unencrypted patients' data stored on the pacemaker programmers, including names, phone numbers, medical information and Social Security numbers (SSNs), leaving them wide open for hackers to steal. This means anyone within range of the devices or systems can change the pacemaker's settings of a patient using a programmer from the same manufacturer.

No comments

Powered by Blogger.