Hackable Medical Devices

By Colin Son

 

As we become more and more reliant on active, implanted biotechnology the opportunities for malicious manipulation of such rise. The hacking of medical devices isn’t a new threat. I’ve commented on it, as have publications more prominent than this blog. The issue has taken on enough of intellectual seriousness that it has prompted the creation of a multi-institutional center, the Medical Device Security Center. In 2008 that group published a method of wirelessly accessing information from some models of pacemakers and then injecting active attacks to change the performance of the pacemakers. After publication they presented the same at Defcon.

 

At the Black Hat Conference last year an independent researcher presented a theoretical method of wirelessly changing the serum glucose readings of an implanted diabetic pump.

 

An attacker could intercept wireless signals and then broadcast a stronger signal to change the blood-sugar level readout on an insulin pump so that the person wearing the pump would adjust their insulin dosage. If done repeatedly, it could kill a person. Radcliffe suggested scenarios where an attacker could be within a couple hundred feet of a victim, like being on the same airplane or on the same hospital floor, and then launch a wireless attack against the medical device. He added that with a powerful enough antenna, the malicious party could launch an attack from up to a half mile away.

 

The most recent, highly publicized hack devised by researchers is one concerning implantable cardiac defibrillators.

 

In 2006, the U.S. Food and Drug Administration approved full radio-frequency based implantable devices operating in the 400MHz range, Jack said.

 

Any attacks on medical devices requires more than a common level of expertise but to one dedicated probably something within the ability to be self taught. There are much bigger public health issues, even within the biotechnology sphere, including the function and operating safety of such but this remains a scary prospect and one that deserves more attention. Medical device makers need to put more into the security of these devices and the FDA needs to place a focus on making sure device makers are doing such.

 

 

Colin Son is currently a neurosurgical resident. Earlier in life he was sure I wanted to be a screenwriter and went away to USC’s School of Cinematic Arts. Film school is awesome, no doubt, but he soon realized that for a career he wanted something a little more substantial. Such led him to medical school. Following my M.D. he did a year of general surgery training before matching into neurosurgery. He blogs at Residency Notes.

6093 Total Views 6 Views Today
rohanthedoctorschannel-com

Rohan Jotwani, "Almost" MD/MBA

Rohan Jotwani is a co-founder of The "Almost" Doctor's Channel and serves as Managing Editor. He is currently an MD/MBA student at the Tufts School of Medicine and is an avid producer and reader on topics in digital health, neuroscience and global health. Raised in Seoul, South Korea and Flushing, Queens, Rohan graduated from Columbia University. He has previously worked at The Doctor's Channel, WebMD and Pfizer, and is the former President of the Columbia Debate team.