465k Patients Require a Cybersecurity Patch
Software updates are becoming more painful. 465k pacemaker patients have been told they need a security patch.
The U.S. Food and Drug Administration (FDA) has issued a safety communication indicating a firmware update was necessary to address cybersecurity vulnerabilities in Abbott’s Implantable cardiac pacemakers. Abbott (formerly St. Jude Medical) published an open letter to doctors which stated:
"If there were a successful attack, an unauthorized individual (i.e., a nearby attacker) could gain access and issue commands to the implanted medical device through radio frequency (RF) transmission capability, and those unauthorized commands could modify device settings (e.g., stop pacing) or impact device functionality,"
According to Abbott, there have been no reports of device compromise related to these vulnerabilities, they are recommending a firmware update by professionals to update the device to newer software. The update cannot be delivered remotely, requiring patients to visit doctors in a facility that has proper equipment to service the patient in the unlikely event of an update failure.
This is an unfortunate and unnerving problem, far different than the updates to our phones, personal computers, or tablets. It is an example that has grave potential consequences. It will not be the last.
We are going to see more and more update notifications for medical and other IoT devices that impact life-safety. Modern society is at a point where the flood-gates of discovered device vulnerabilities may begin to open over the next few years, as a result of more technology being used in our everyday lives and connectivity coming under scrutiny by security researchers, regulators, and attacker communities. Now is the time for people and industries to contemplate the risks and maneuver early to greatly improve cybersecurity in products that we trust with our health, prosperity, and safety.
Image Source: http://media.sjm.com/newsroom/media-kits/heart-failure-hypertension/united-states/default.aspx
Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, and Steemit to hear insights and what is going on in cybersecurity.
technology is only as effective as the person who is using it. How many people are there out there with the knowledge to hack even a computer? Plus how many would want too?
Technology can be designed to help or harm.
If we are not careful, even helpful tech can be misused and exploited for harm.
Even with an update wouldn't the device still be prone to attacks?
The updates are designed to fix the known vulnerabilities that have been discovered in the firmware. So, just like your PC, they may need to be patched again in the future if new weaknesses in the code are found.
This must be very truamatic for the patients. It is sad that prople are willing to endanger the lives of others for money. I hope that such incident will not happen.
I would not want to be one of those patients. A pacemaker is a lifesaving device, so you want to have trust in it. I doubt any of those patients feel much in the way of trust at the moment.
Feel free to drop by my profile. This post is about my travel.
Trans-Mongolia Adventure : Frolicking In Idyllic Village Of Khuzir
Thanks for this very important post. Its important for people to understand that everything that is connected to a network in any way is potentially vulnerable. This means not only medical devices, but your home appliances, your thermostats, your vehicles, and everything else that is network connected.
Its great to have the convenience to access everything remotely, but its important to keep the risks in mind too.
Wherever there is value, there are risks!
Agree completely! I think unfortunately, however, that too many people don't understand the risks, as most of the information they get is from people looking to try to sell them something. Every article like yours that helps increase awareness is a step in the right direction.
Nice post @mrosenquist ...I upvote and follow you... Keep up the good work... Blessings