Cybersecurity

What is medjacking?

A hand is silhouetted in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news. REUTERS/Pawel Kopczynski   (GERMANY - Tags: CRIME LAW SCIENCE TECHNOLOGY) - RTXZUYD

Could your medical device be hijacked? Image: REUTERS/Pawel Kopczynski

Keith Breene
Senior Writer, Forum Agenda

Cyberattacks on life-saving medical devices such as heart pacemakers present a very real threat and could come from terrorist groups or even nation states, according to a new World Economic Forum report on cyber risk.

Medjacking – the practice of hacking a medical device with the intent to harm or threaten a patient – has been called a “ticking time bomb” and the threat is considered so real that in 2015, the FBI felt compelled to issue a security alert warning.

Image: biosecruitymetrics.com

The Achilles heel

In 2015, researchers discovered safety flaws in a brand of infusion pump which was used to inject medications directly into the bloodstream of patients.

Deadly vulnerabilities were then found in dozens of devices, including X-ray systems, CT scanners, medical refrigerators and implantable defibrillators.

After the researchers’ discovery, the US Department of Homeland Security and Federal Drug Administration began warning customers not to use the devices due to the vulnerability. The announcement was the first time the government advised healthcare providers to discontinue the use of the medical device.

And authorities have been aware of the problem for much longer, as evidenced by the revelation by former US vice president Dick Cheney that in 2007 he had the wireless function of his heart defibrillator disconnected to protect him from the risk of cyberattack.

A wider issue

The World Economic Forum‘s whitepaper on Risk and Resilience: Understanding Systemic Cyber Risk, highlights the fact that information is the lifeblood of healthcare.

The healthcare sector acquires, stores and processes a vast amount of critical and sensitive information, such as bank account information, credit card data, social security numbers and health information, such as medical diagnoses, insurance claims and treatments.

Yet the healthcare sector has had a lack of comparative investment in cybersecurity, which has resulted in a lack of best practices to ensure the confidentiality, integrity and availability of critical and sensitive personal and health-related information.

This has applied to medical devices too. Until recently, security was not considered a high priority.

________________

________________

The source of the threat

Attacks on healthcare systems can emanate from anywhere in the world, according to the report. They could be from cybercriminals trying to extort money or terrorists groups, or even nation states trying to put lives in danger.

The report concludes that while such attacks have not yet publicly materialized, the danger is very real and could include the widespread disruption of network-enabled medical devices like pacemakers or medicine delivery systems such as the pumps used in hospitals around the world.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Global Health

Related topics:
CybersecurityHealth and Healthcare Systems
Share:
The Big Picture
Explore and monitor how Global Health is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum