Thousands of Critical Security Flaws Leave Pacemaker Vulnerable to Hackers

It’s about time when hackers will start infecting Pacemaker with ransomware.

Ever thought about vulnerabilities in Pacemakers? The device which is implanted in the body of a patient to deal with life-threatening cardiac rhythmic issues? These devices often use radio signals to communicate with the pacemaker to avoid further surgeries. Now, according to a recent research report, these pacemakers contain some security loopholes which make them vulnerable to potentially catastrophic cyber attacks.

The researchers, Billy Rios and Jonathan Butts from WhiteScope recently divulged a troubling fact about the pacemaker device that has around 8600 which could be attractive to malicious hackers out there. These pacemaker ecosystem security flaws, if misused by any hacker, could potentially bring about some fatal consequences since the attackers can even adjust the pacemaker should they choose to; posing a grave risk to the lives of patients.

More:  Johnson & Johnson's Insulin Pumps vulnerable to cyber attacks

“Any pacemaker programmer can reprogram any pacemaker from the same manufacturer.This shows one of the areas where patient care influenced cybersecurity posture.” wrote the researchers in their summary.

The researchers continue with their condemnation by saying that the risks have been multiplied with the availability of such devices, its programs and the monitors on public eCommerce and auction sites such as eBay. This was defended by the manufacturer’s claim that the product accessibility is potentially controlled across the globe. The research further claimed that they had found some grave security issues in the pacemaker after purchasing the device which was priced between $15 to $3,000.

These security flaws were discovered in four variant programmers from separate manufacturers. Moreover, they have also found the patient’s’ medical data which was left unencrypted in the pacemaker ecosystem; which of course, is a total vulnerability that is needed to be addressed by the manufacturer before the device is targeted by potential ransomware attacks. The researchers disclosed East Coast Hospital as the source of the data. 

However, this is not the first time when cyber security experts have raised concerns regarding gross vulnerabilities in such medical devices. Back in 2013, the US Food and Drug Administration and the Industrial Control Systems Cyber Emergency Response Team both released various provisos about the security loopholes in various medical devices that included ventilators, monitors, drug infusion pumps, anesthesia and surgical devices. The potential hackers, if they were to breach standard passwords of these devices, could easily get the access and control to these devices and even could change the settings that can yet again bring severe consequences.

These researchers further discussed their subsequent research about home monitoring systems and stated they would put forward the queries that can be used by vendors while evaluating their security issues.

“The findings are relatively consistent across the different vendors, highlighting the need for all vendors to perform an in-depth and holistic evaluation of implemented security controls,” Rios and Butts said. “By ensuring appropriate security controls are implemented, vendors can help protect against potential system compromises that may have implications for patient care.”

More:  After IoTs, it is the IMDs that are Most Vulnerable to Hacking

Image Credit: Shutterstock/ChooChin


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.