What is medjacking?
Could your medical device be hijacked? Image: REUTERS/Pawel Kopczynski
Cyberattacks on life-saving medical devices such as heart pacemakers present a very real threat and could come from terrorist groups or even nation states, according to a new World Economic Forum report on cyber risk.
Medjacking – the practice of hacking a medical device with the intent to harm or threaten a patient – has been called a “ticking time bomb” and the threat is considered so real that in 2015, the FBI felt compelled to issue a security alert warning.
The Achilles heel
In 2015, researchers discovered safety flaws in a brand of infusion pump which was used to inject medications directly into the bloodstream of patients.
Deadly vulnerabilities were then found in dozens of devices, including X-ray systems, CT scanners, medical refrigerators and implantable defibrillators.
After the researchers’ discovery, the US Department of Homeland Security and Federal Drug Administration began warning customers not to use the devices due to the vulnerability. The announcement was the first time the government advised healthcare providers to discontinue the use of the medical device.
And authorities have been aware of the problem for much longer, as evidenced by the revelation by former US vice president Dick Cheney that in 2007 he had the wireless function of his heart defibrillator disconnected to protect him from the risk of cyberattack.
A wider issue
The World Economic Forum‘s whitepaper on Risk and Resilience: Understanding Systemic Cyber Risk, highlights the fact that information is the lifeblood of healthcare.
The healthcare sector acquires, stores and processes a vast amount of critical and sensitive information, such as bank account information, credit card data, social security numbers and health information, such as medical diagnoses, insurance claims and treatments.
Yet the healthcare sector has had a lack of comparative investment in cybersecurity, which has resulted in a lack of best practices to ensure the confidentiality, integrity and availability of critical and sensitive personal and health-related information.
This has applied to medical devices too. Until recently, security was not considered a high priority.
________________
Have you read?
Hackable X-ray machines and other digital threats
Rethinking healthcare with the help of technology
Health hackers: the new cyber threat
________________
The source of the threat
Attacks on healthcare systems can emanate from anywhere in the world, according to the report. They could be from cybercriminals trying to extort money or terrorists groups, or even nation states trying to put lives in danger.
The report concludes that while such attacks have not yet publicly materialized, the danger is very real and could include the widespread disruption of network-enabled medical devices like pacemakers or medicine delivery systems such as the pumps used in hospitals around the world.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Global Health
Related topics:
Forum Stories newsletter
Bringing you weekly curated insights and analysis on the global issues that matter.
More on CybersecuritySee all
Kate Whiting
December 12, 2024