Exploiting Implanted Medical Devices

							

		
	

		
			
		
	

		
			
		
		

		
			
		
	

		
			
		
	

			
				
			
		

						
Hollywood Future PredictionsSpoiler Alert – for anyone who has not watched the Showtime series “Homeland” or not got past Season 2
<img data-lazy-fallback="1" aria-describedby="caption-attachment-2380" data-attachment-id="2380" data-permalink="https://www.incrementalhealthcare.com/exploitmeddevices-homelandbroeknhearts/" data-orig-file="https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploitMedDevices-HomeLandBroeknHearts.jpg?fit=590%2C332&amp;ssl=1" data-orig-size="590,332" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="Exploiting Medical Devices &#8211; HomeLand &#8211; Broken Hearts" data-image-description="" data-image-caption="" data-medium-file="https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploitMedDevices-HomeLandBroeknHearts.jpg?fit=300%2C169&amp;ssl=1" data-large-file="https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploitMedDevices-HomeLandBroeknHearts.jpg?fit=590%2C332&amp;ssl=1" class="wp-image-2380 size-full" src="https://i0.wp.com/incrementalhealthcare.com/wp-content/uploads/2018/08/ExploitMedDevices-HomeLandBroeknHearts.jpg?resize=590%2C332" alt="" width="590" height="332" srcset="https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploitMedDevices-HomeLandBroeknHearts.jpg?w=590&amp;ssl=1 590w, https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploitMedDevices-HomeLandBroeknHearts.jpg?resize=300%2C169&amp;ssl=1 300w, https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploitMedDevices-HomeLandBroeknHearts.jpg?resize=266%2C150&amp;ssl=1 266w" sizes="(max-width: 590px) 100vw, 590px" data-recalc-dims="1"  />Hacking Medical Devices – Homeland Broken Heart; Picture from Seriesandtv.com
In the episode titled “Broken Heart” (December 2, 2012) we watch a hacker gain remote unauthorized access to the Vice Presidents Pacemaker and induces a tachycardia (increase in the heart rate) causing him to succumb to a heart attack. Abu Nazir kills the vice president by accessing his pacemaker remotely:
While the whole operation seemed almost too simple, it was not an implausible tactic. We saw this in October when Darren Pauli wrote about a researcher in Australia who
“reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware.”
The risk was real enough that Dick Cheney revealed his fear of this hack to have the wireless function turned off in 2007 and it was covered in this piece in the NY Times A Heart Device Is Found Vulnerable to Hacker Attacks but was discounted based on the high cots and need for sophisticated equipment.
<img data-lazy-fallback="1" aria-describedby="caption-attachment-2381" data-attachment-id="2381" data-permalink="https://www.incrementalhealthcare.com/exploritingmedical-devices-billy-rios/" data-orig-file="https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploritingMedical-Devices-Billy-Rios.jpg?fit=147%2C147&amp;ssl=1" data-orig-size="147,147" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="Billy Rios" data-image-description="" data-image-caption="&lt;p&gt;Billy Rios &#8211; Security Researcher&lt;/p&gt;
" data-medium-file="https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploritingMedical-Devices-Billy-Rios.jpg?fit=147%2C147&amp;ssl=1" data-large-file="https://i0.wp.com/www.incrementalhealthcare.com/wp-content/uploads/2018/08/ExploritingMedical-Devices-Billy-Rios.jpg?fit=147%2C147&amp;ssl=1" loading="lazy" class="size-full wp-image-2381" src="https://i0.wp.com/incrementalhealthcare.com/wp-content/uploads/2018/08/ExploritingMedical-Devices-Billy-Rios.jpg?resize=147%2C147" alt="" width="147" height="147" data-recalc-dims="1"  />Billy Rios – Security Researcher
Enter a security manager and researcher – Billy Rios who, thanks to an unplanned extended visit to a hospital surrounded by a slew of unsecured access points in his hospital room and devices connecting via WiFi-connected to him went on an 18-month journey to study the risks.
This presentation is the culmination of an 18-month independent case study in implanted medical devices. The presenters will provide detailed technical findings on remote exploitation of a pacemaker systems, pacemaker infrastructure, and a neurostimulator system. Exploitation of these vulnerabilities allow for the disruption of therapy as well as the ability to execute shocks to a patient.
He presented his findings at BlackHat 2018: Understanding and Exploiting Implanted Medical Devices

Here’s the video of the hack demonstrated at the event:

<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start">﻿</span>

I was fortunate to speak to him to discuss the journey, his findings, and thoughts on incremental steps to mitigate this
 
As Billy points out – it is essential for the clinical team to focus on these risks, understand the concerns raised by the security researchers and others and provide the essential clinical perspective missing from healthcare security discussions

Here is the live stream of their presentation and demo:

Share this:Twitter
LinkedIn
Facebook
Pocket
Email
Like this:Like Loading...

	Related
Tagged as Cybersecurity, FDA, Healthcare Security, Medical Devices, Pacemaker, Security

		Author
		Dr Nick
	

		Author's archive
	
CommentsComments are closed.

	        
	

Categories
			23andme
3DPrinting
3M
ACO
Addiction
ADE
Africa
Aging
AI
AIDS
ALS
Alzheimer
AMDIS
Analytics
Apollo11
Apple
Art of Medicine
Artificial Intelligence
ArtofMedicine
Asperger's
Autism
behavior
bigdata
Blood Pressure
Cancer
CAPD
Career
CCHIT
CDI
CDS
Cerner
Certification
CES
Children
Clinical Decision Making
Clinical Decision Support
Clinical Documentation
Clinical Informatics
Clinical Language Understanding
Clinical Narrative
CLU
CMIO
coding
Compassion
continua
COVID19
CPOE
Cybercrime
Dell
DIctation
diet
DigitalHealth
Disruptive
Dragon
Dragon Mobile
DrVoice
EBM
Ebola
education
ehr
Empathy
EMR
Encryption
Epic
eScription
Evidence Based Medicine
expert systems
Future
Genetics
Glass
hcr
hcsm
Health Care Costs
Health Reform
Healthcare Insurance
Healthcare Security
Healthcare Standards
Healthcare Technology
HealthIT
Healthstory
HIMSS
HIT
HITECH Act
HITMC
HITsm
HL7CDA
IBM
icd10
Inattentional Blindness
Incremental
Innovation
Inspiration
Interoperability
iPad
iPhone
Jeopardy
Junior Doctor Hours
Kenya
KLAS
life
LLAP
Lou Gehrig's Disease
Malpractice
Mandela
Mandiba
Meaningful Use
Medical Devices
Medical Informatics
medical intelligence
Medical school
Medical Search
medicaltraining
Mens Health
MHC
mHealth
microbiome
Mobile
Moon Landing
MS
NaturallySpeaking
NHS
NLP
Nuance
Nurse
Nurses Week
Nutrition
obesity
ONC
Opioid Crisis
Passwords
Patent
Patient Engagement
Patient Safety
PCAST
Personal Health
Personal Health Management
Pharma
PHR
Physician Compensation
Population Health
Primary Care
Privacy
quality
Quality of Care
RAC
Radiation Exposure
radiology
rsna
Safety
SAGE
SARS-CoV-2
science
Scribes
SDK
SDoH
Security
Shuttle Launch
Siri. NLP
Sleep
SNOMED CT
social media
Space
Speech Recognition
Spock
Sports Injury
Statin
Suicide
sxsw
Technology
telemedicine
UEL
Uncategorized
vaccine
virtual assistant
voiceofthedoctor
voiceofthedr
Watson
Wearables
weightofthenation
Whisky
Womens Health
XML


				