Ransomware Expected To Hit 'Lifesaving' Medical Devices In 2016 (forrester.com)
An anonymous reader writes: A surge in ransomware campaigns is expected to hit the medical sector in 2016, according to a recent report published by forecasters at Forrester Research. The paper 'Predictions 2016: Cybersecurity Swings To Prevention' suggests that the primary hacking trend of the coming year will be "ransomware for a medical device or wearable," arguing that cybercriminals would only have to make small modifications to current malware to create a feasible attack. Pacemakers and other vital health devices would become prime targets, with attackers toying with their stability and potentially threatening the victim with their own life should the ransom demands not be met.
But that would qualify.
How about we don't put a network chip on a pacemaker, dumbasses.
Why would you ever need to communicate with it? Is there ever a time when you want your heart not to beat?
I don't expect every company to build an OS .. that would pretty much mean we don't get any new devices and software ever.
But I do expect that companies not be so damned lazy when it comes to writing security, and that they be required to support OS updates and fix security holes ... you can't just say "nope, you have to stay on an ancient and unpatched OS because we can't confirm our stuff still works". And if you can't, you should lose any certifications the device has.
I've been saying for years the makers of consumer electronics need to be held to a higher standard when it comes to security, and to actually have some liability for it.
The makers of medical devices and cars and the like need to be held to a significantly higher standard than that.
But companies just rush some crap out the door and walk away.
Lost at C:>. Found at C.
I bet articles like these are going to do more damage to people than any actual malware infections. How many people do you think are going to actually be walking around with an infected pacemaker? It's not like you can open up your chest and run Malwarebytes on the damn thing. So when some hospital's patient files get hacked, and Joe Shmoe gets a phone call or an email implying that if he doesn't pay up his heart will explode, he's going to be breaking out his checkbook just to be safe.
On the other hand, this is really just another reason to go with an external pacemaker.
Why in hell is a pacemaker something accessible in any way to a random malware distributor?
Because it's a programmable electronic device and they are all accessible to sufficiently sophisticated malware by definition. There's no way around that unless everything that ever accessed the device was completely air-gapped, self-contained and hardened. Note that this would also preclude any sort of data I/O with PCs etc., making the whole thing almost useless.
have never had the ability or need to talk to the internet
They still don't. Read the original article carefully, and be able to rationally separate wheat from chaff, or, as it is here, sensationalist bullshit.