Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Penetrate Top Medical Device Makers

Posted by samzenpus on from the lets-have-a-look dept.

An anonymous reader writes "Hackers have penetrated the computer networks of the country's top medical device makers, The Chronicle has learned. The attacks struck Medtronic, the world's largest medical device maker, Boston Scientific and St. Jude Medical sometime during the first half of 2013 and might have lasted as long as several months, according to a source close to the companies."

12 of 76 comments (clear)

  1. Take what they can get by cold+fjord · · Score: 4, Interesting

    I imagine they'll take what they can get: IP, personal data, or just more computers to control.

    If it really is China as suggested in the article that could make sense. China's population is going to be aging, and medical devices would be handy for either internal use or for another technology to develop and market.

    This is interesting (FTA): "The medical device makers were not aware of the intrusions until federal authorities contacted them, and they have formed task forces to investigate the breach, he said."

    Who do you suppose noticed the breaches, and how?

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    1. Re:Take what they can get by ebno-10db · · Score: 3, Funny

      Many of these device companies have network access/business agreements with healthcare providers around the nation.

      Hence the real reason that the federal government is concerned. They're afraid that the intruders will use that network access to reduce outstanding medical bills to reasonable levels.

    2. Re:Take what they can get by Hal_Porter · · Score: 3, Funny

      Who do you suppose noticed the breaches, and how?

      If the machine next to your hospital bed displays a laughing skull and starts playing mod tunes whilst demanding you pay by credit card to an account in Russia to avoid being "pwned by l33tgr0up" that is likely not a good sign.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  2. Re: Response by DoofusOfDeath · · Score: 5, Funny

    When I hear about stuff like this, I'm ashamed of the savage thoughts and desires I feel towards the perpetrators.

    Do you want to lick them?

    No, I want to make them use Slashdot Beta.

  3. New Level of Ransomware by Akratist · · Score: 3, Interesting

    Someone probably already wrote a sci-fi story along these lines, but I can easily see someone with an artificial heart, pacemaker, or some other medical device getting a phone call threatening to shut their thing off unless they make an extortion payment. While I think most of these are air gapped at the moment, it's inevitable that they will become more interconnected, especially as a means of delivering diagnostic information (aka "heartbeats", heh), at which point it will be possible to run exploits against them. Even if a person's devices aren't experiencing a legit attack, I can also see plenty of people being scared into coughing up dough because they won't know any better.

    1. Re:New Level of Ransomware by citizenklaw · · Score: 2

      Go watch the Almost Human episode "Arrythmia". Now.

      --
      the future is but past forgotten
    2. Re:New Level of Ransomware by Ambassador+Kosh · · Score: 2

      What is already happening is these devices are getting hard coded safety envelopes. You would be able to give them commands within that envelope but that would be it. It is not a problem but the medical device companies though they would have to deal with but they seem to be working on the problem pretty efficiently. So you could tell the heart to speed up a little or slow down a little but there would be hard coded controls so that you could not make it stop, run too fast, run too slow, run for very long at an altered setting etc. Insulin pumps etc are doing the same thing.

      This is a problem that is taking care of itself fairly quickly. There will not be many vulnerable devices and those will be replaced fairly quickly.

      --
      Computer modeling for biotech drug manufacturing is HARD! :)
    3. Re:New Level of Ransomware by Tablizer · · Score: 2

      There was concern shortly after 9/11 that terrorist hackers could shut down Dick Cheney's pacemaker using a proximate signal. He's rumored to have had surgery to turn off the remote command feature.

      http://abcnews.go.com/Health/d...

      --
      Table-ized A.I.
  4. This is what you get.... by Lumpy · · Score: 5, Insightful

    When you think of IT as that annoying office of geeks you have to tolerate in the company.

    They are your first line of defense, when they ask for something you GIVE IT TO THEM.

    --
    Do not look at laser with remaining good eye.
    1. Re:This is what you get.... by Bite+The+Pillow · · Score: 2

      Do you buy Oracle hardware and licenses because its what the DBA knows, or are your requirements satisfied by something less expensive?
      Do you need the Rsa connection so admins can remote in, or is that something that should be airgapped?

      My point is that you have to either know or trust, and trust is expensive. So hire well and pay generously. Just throwing money at the problem doesn't mean it will be solved well, or at all. As such, it is too simplistic to be taken as advice.

    2. Re:This is what you get.... by Jawnn · · Score: 2

      This is what you get when IT ACTS like annoying whining office jerks because they only explain things in completely condescending 100% tech speak ways to non techies, i.e. management.

      Management is your first source of funds. When they need it explained in their terms, EXPLAIN IT TO THEM.

      Nooo.... This is what you get when people who don't understand IT, and who can't be bothered to listen to any explanations, describe their experience when IT tries to explain why it is important to [insert security best practice here]. Yes, there are dickheads in IT too, who are condescending, etc., but that can hardly explain the constantly uphill battle that IT fights when trying to justify this expense or that policy.

  5. Internet of Things by JCHerbsleb · · Score: 3, Informative

    Welcome to the Internet of Things. Now, IT Security is not simply a venue to stop embarrassment (website defacements), disruption (DDoS), and exposure (SQLi), but potentially a life and death issue. Disruption of a pacemaker, insulin pump, etc. can have a very real impact. Perhaps a modern day "Pinto" incident will change the view of IT Security from an expense item to a necessary partner.