Is It Time For Computer Security Experts To Get Jobs In The Medical Device Arena?
from the dance,-heart-patient,-dance! dept
Last week, one of the stories that got a few headlines and made the rounds concerned the news that some popular heart monitors could be hacked, potentially in a way that would provide powerful shocks to to the heart of someone who had such a device implanted. The reports made it very clear that the likelihood of such a hack was incredibly slim, as it would require a tremendous amount of access. So, this isn't something to worry about today, but it does suggest one area where it may pay for medical device makers to start thinking a little bit more about security. There was a report, about two years ago, that also warned of something similar, which we played down as a bit of fear-mongering (it had no real details, just suggesting that pacemakers would become a hacking target). It still seems like this is not going to be a huge threat any time in the near future, but that doesn't mean that those who design medical devices, especially those with connections to the outside world, shouldn't at least think through the potential security concerns and design these devices with security in mind from the beginning. That seems a lot safer than having to fix all of the installed devices down the road.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: computer security, hacking, medical devices
Reader Comments
Subscribe: RSS
View by: Time | Thread
Med devices
[ link to this | view in chronology ]
[ link to this | view in chronology ]
i think just one is enough.
aren't pacemakers supposed to give electric shocks to the heart to jump start it?
sound more like mis configuration, to me
[ link to this | view in chronology ]
[ link to this | view in chronology ]
You could say that, but that's not quite the idea. A pacemaker keeps the heart beating at a steady pace where the body's own electrical impulses fail to do so - it keeps the heart's rhythm going when it misses a beat, or is running too slowly, basically. Now I don't know how artificial pacemakers can be programmed and what limitations are in place, and some factors are probably dependant on the condition of the patient, but the idea is probably that you can disrupt the pace of the heart (which is already having enough pacing problems without outside interference) and make it stall. Or, alternatively, switch off the pacemaker and wait a bit.
I don't see why computer security experts shouldn't already be working on medical devices though. Medical devices are, after all, just other computer systems with different functions. Somebody should be involved in the security of any computer system though: technology's fun and all, but it's used more and more in situations where post-control loss the technology can become annoying or dangerous.
That said, computer security isn't the only way about it. Restriction of physical access is a plus too - not an altenative, ideally you want both fields covered together. But if someone can't get to the equipment or the software to control something like a pacemaker, and there's no way to connect to the hospital/etc from outside of the premesis...well, if someone manages this kind of thing in that kind of situation then there are probably bigger problems than computer security to worry about, no?
But then, I can't imagine many medical systems becoming all that big of a target until someone devices a way (efficient or otherwise) of messing with lots of them at once.
[ link to this | view in chronology ]
Hacking medical devices
[ link to this | view in chronology ]