It’s been a breakout year for the so-called “Internet of Things,” in which everyday consumer products can now be connected to the Web, from doorbells and refrigerators to air conditioners and cars – making every aspect of our lives increasingly vulnerable to hackers.

Perhaps the most frightening vulnerability to emerge is the cyber threat posed to life-saving medical devices. For the first time this year the FDA urged hospitals to discontinue using a hospital product that delivered medications directly to patients because a hacker could control it remotely.

Now comes a story from Bloomberg Business describing how a team of elite security researchers known as “white hat hackers” was invited to the prestigious Mayo Clinic two years ago in Minnesota. They were given 40 different medical devices and told to break into them any way they could in an effort to expose vulnerabilities. One hacker told Bloomberg that pretty much every device – including ventilators, imaging scanners and special therapy machines – went down with ease. From another unsettling anecdote in the story:

Last fall, analysts with TrapX Security, a firm based in San Mateo, Calif., began installing software in more than 60 hospitals to trace medical device hacks. TrapX created virtual replicas of specific medical devices and installed them as though they were online and running. To a hacker, the operating system of a fake CT scan device planted by TrapX would appear no different than the real thing. But unlike the real machines, the fake devices allowed TrapX to monitor the movements of the hackers across the hospital network. After six months, TrapX concluded that all of the hospitals contained medical devices that had been infected by malware.

Creative Commons License

Republish our articles for free, online or in print, under a Creative Commons license.

G.W. Schulz is a reporter for Reveal, covering security, privacy, technology and criminal justice. Since joining The Center for Investigative Reporting in 2008, he's reported stories for NPR, KQED,, The Dallas Morning News, the Chicago Tribune, the San Francisco Chronicle, Mother Jones and more. Prior to that, he wrote for the San Francisco Bay Guardian and was an early contributor to The Chauncey Bailey Project, which won a Tom Renner Award from Investigative Reporters and Editors in 2008. Schulz also has won awards from the California Newspaper Publishers Association and the Society of Professional Journalists’ Northern California Chapter. He graduated from the University of Kansas and is based in Austin, Texas.