It’s been a breakout year for the so-called “Internet of Things,” in which everyday consumer products can now be connected to the Web, from doorbells and refrigerators to air conditioners and cars – making every aspect of our lives increasingly vulnerable to hackers.
Perhaps the most frightening vulnerability to emerge is the cyber threat posed to life-saving medical devices. For the first time this year the FDA urged hospitals to discontinue using a hospital product that delivered medications directly to patients because a hacker could control it remotely.
Now comes a story from Bloomberg Business describing how a team of elite security researchers known as “white hat hackers” was invited to the prestigious Mayo Clinic two years ago in Minnesota. They were given 40 different medical devices and told to break into them any way they could in an effort to expose vulnerabilities. One hacker told Bloomberg that pretty much every device – including ventilators, imaging scanners and special therapy machines – went down with ease. From another unsettling anecdote in the story:
Last fall, analysts with TrapX Security, a firm based in San Mateo, Calif., began installing software in more than 60 hospitals to trace medical device hacks. TrapX created virtual replicas of specific medical devices and installed them as though they were online and running. To a hacker, the operating system of a fake CT scan device planted by TrapX would appear no different than the real thing. But unlike the real machines, the fake devices allowed TrapX to monitor the movements of the hackers across the hospital network. After six months, TrapX concluded that all of the hospitals contained medical devices that had been infected by malware.