Many people are utilizing wireless technology that has not been properly secured by the vendor who provide the technology. <a href="http://www.darkreading.com/blog/231500306/medical-device-security-under-fire-at-black-hat-defcon.html" title="Hacked Wireless Medical Devices " target="">javascript:nicTemp();</a> (this link was supposed to say Hacked Wireless Medical Devices - not sure why it came up this way.) Most people wouldn't even give it thought - we deal with cell phone/wireless every day. Really, how many people consider the idea that their wireless unit could be controlled by some 12 year old in Estonia (just saying.) Anyway, interesting article - just be aware that if you Opt In (get used to hearing that term) and have wireless medical devices, unless the provider has indicated that it is using 128 bit encryption between the device and the host, it's probably not secured from hacking.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Wireless Medical Devices
- Thread starter dbtoo
- Start date
Many people are utilizing wireless technology that has not been properly secured by the vendor who provide the technology. <a href="http://www.darkreading.com/blog/231500306/medical-device-security-under-fire-at-black-hat-defcon.html" title="Hacked Wireless Medical Devices " target="">javascript:nicTemp();</a> (this link was supposed to say Hacked Wireless Medical Devices - not sure why it came up this way.) Most people wouldn't even give it thought - we deal with cell phone/wireless every day. Really, how many people consider the idea that their wireless unit could be controlled by some 12 year old in Estonia (just saying.) Anyway, interesting article - just be aware that if you Opt In (get used to hearing that term) and have wireless medical devices, unless the provider has indicated that it is using 128 bit encryption between the device and the host, it's probably not secured from hacking.
Many people are utilizing wireless technology that has not been properly secured by the vendor who provide the technology. <a href="http://www.darkreading.com/blog/231500306/medical-device-security-under-fire-at-black-hat-defcon.html" title="Hacked Wireless Medical Devices " target="">javascript:nicTemp();</a> (this link was supposed to say Hacked Wireless Medical Devices - not sure why it came up this way.) Most people wouldn't even give it thought - we deal with cell phone/wireless every day. Really, how many people consider the idea that their wireless unit could be controlled by some 12 year old in Estonia (just saying.) Anyway, interesting article - just be aware that if you Opt In (get used to hearing that term) and have wireless medical devices, unless the provider has indicated that it is using 128 bit encryption between the device and the host, it's probably not secured from hacking.
That's interesting, and it's good that they are trying to bring about an awareness to address vulnerabilities. I can't help but wonder though, what's in it for the hackers? A target for black hat hackers would hold some significance, financial gain, disruption or harm to the parent company or be a very secure site in which you can plant your "I was here" flag. The latter is harmless, there shouldn't be much valuable information on a wireless medical device, other than perhaps identification information such as SSN, but most systems, at least the EMR systems that I am familiar with, use different identifiers than SSN. So, that leaves us with deliberate harm to the company. This is probably the most likely scenario. A black hat hacker or group uses their skill to carry out a site defacement or a DDOS attack against perhaps a large hospital system or an insurance company. Typically this is done to the company's home page, but it's not outside of the realm of possibility to include an in-house EMR system. The issue is that the hackers are after the company and not the patients. I find it difficult that a hacker would try to manipulate medication dosages or something on a patient level. The other threat would be from a virus attack, but typically those come about from scanner bots that look for vulnerable systems, rather than a strategic attack.
It will be interesting to see what additional research will bring. As a side note, many corporate victims of malicious hacking do not go public. To minimize damage, they hire private investigator firms that specialize in computer security. Because of that, it might be difficult to get a good picture of how often these vulnerabilities are exploited.
It will be interesting to see what additional research will bring. As a side note, many corporate victims of malicious hacking do not go public. To minimize damage, they hire private investigator firms that specialize in computer security. Because of that, it might be difficult to get a good picture of how often these vulnerabilities are exploited.
That's interesting, and it's good that they are trying to bring about an awareness to address vulnerabilities. I can't help but wonder though, what's in it for the hackers? A target for black hat hackers would hold some significance, financial gain, disruption or harm to the parent company or be a very secure site in which you can plant your "I was here" flag. The latter is harmless, there shouldn't be much valuable information on a wireless medical device, other than perhaps identification information such as SSN, but most systems, at least the EMR systems that I am familiar with, use different identifiers than SSN. So, that leaves us with deliberate harm to the company. This is probably the most likely scenario. A black hat hacker or group uses their skill to carry out a site defacement or a DDOS attack against perhaps a large hospital system or an insurance company. Typically this is done to the company's home page, but it's not outside of the realm of possibility to include an in-house EMR system. The issue is that the hackers are after the company and not the patients. I find it difficult that a hacker would try to manipulate medication dosages or something on a patient level. The other threat would be from a virus attack, but typically those come about from scanner bots that look for vulnerable systems, rather than a strategic attack.
It will be interesting to see what additional research will bring. As a side note, many corporate victims of malicious hacking do not go public. To minimize damage, they hire private investigator firms that specialize in computer security. Because of that, it might be difficult to get a good picture of how often these vulnerabilities are exploited.
It will be interesting to see what additional research will bring. As a side note, many corporate victims of malicious hacking do not go public. To minimize damage, they hire private investigator firms that specialize in computer security. Because of that, it might be difficult to get a good picture of how often these vulnerabilities are exploited.
That's interesting, and it's good that they are trying to bring about an awareness to address vulnerabilities. I can't help but wonder though, what's in it for the hackers? A target for black hat hackers would hold some significance, financial gain, disruption or harm to the parent company or be a very secure site in which you can plant your "I was here" flag. The latter is harmless, there shouldn't be much valuable information on a wireless medical device, other than perhaps identification information such as SSN, but most systems, at least the EMR systems that I am familiar with, use different identifiers than SSN. So, that leaves us with deliberate harm to the company. This is probably the most likely scenario. A black hat hacker or group uses their skill to carry out a site defacement or a DDOS attack against perhaps a large hospital system or an insurance company. Typically this is done to the company's home page, but it's not outside of the realm of possibility to include an in-house EMR system. The issue is that the hackers are after the company and not the patients. I find it difficult that a hacker would try to manipulate medication dosages or something on a patient level. The other threat would be from a virus attack, but typically those come about from scanner bots that look for vulnerable systems, rather than a strategic attack.
<br />
<br />It will be interesting to see what additional research will bring. As a side note, many corporate victims of malicious hacking do not go public. To minimize damage, they hire private investigator firms that specialize in computer security. Because of that, it might be difficult to get a good picture of how often these vulnerabilities are exploited.
<br />
<br />It will be interesting to see what additional research will bring. As a side note, many corporate victims of malicious hacking do not go public. To minimize damage, they hire private investigator firms that specialize in computer security. Because of that, it might be difficult to get a good picture of how often these vulnerabilities are exploited.