Hack Your Way Into Their Heart

Security researchers discovered that some medical devices that wirelessly broadcast patient data to monitors are doing so unencrypted. Some of that data is personal, such as the patient’s ID and in some cases, the social security number. Wouldn’t it suck to have a pile of medical bills and suddenly suffer identity theft because a bunch of doctors ignored security precautions on their medical devices?

From the AP here:

A common new technology for monitoring defibrillators is vulnerable to hacking and even to reprogramming that could stop the devices from delivering a lifesaving shock.

In the past couple years, more than 100,000 patients in the U.S. alone have been implanted with newer devices that reduce medical visits by sending information on a patient to a bedside monitor that then sends the data to a doctor, usually once a day.

In the model researchers studied, transmissions from the defibrillator to the bedside monitor are not encrypted, which means that someone intercepting the transmissions could retrieve such data as the patient’s birth date, medical ID number and, in some cases, Social Security number.

As the technology spreads to more medical devices, including pacemakers, spinal cord stimulators and hearing implants — and as the range of the devices’ radio signals increase — the researchers predict patients’ data will face increasing risks.

“There will be more implanted devices and more wireless capabilities and transmissions over greater distances,” said Dr. William Maisel, one of the study’s authors.