Hackers have been using ransomware–a type of malware in which attackers can steal or delete the contents of users’ computers if they don’t pay a ransom–for the past 25 years. Now, it seems, the same tactic may be used on insulin pumps and pacemakers. Ransomware in medical devices is the single biggest cyber security threat for 2016, according to a recent report from research and advisory firm Forrester and reported by Motherboard.
As of yet there are no documented cases of hackers holding a user ransom by his medical device, but experts are realizing that cyber security for medical devices—really anything connected to the Internet, including surgical robots—is lagging woefully behind the digital protection arming other systems and gadgets. Experts quoted in a recent piece in Bloomberg Business estimate that the security around medical devices is about a decade behind the overall standard. Earlier this year, the FDA issued a letter warning hospitals and patients that a pump commonly used to ration out proper dosing of medicine in IVs could be vulnerable to attack.
Threats to medical devices may have been common knowledge (enough to make up a plot twist on the TV show Homeland) but no one paid much attention because there didn’t seem to be any clear benefit to a hacker. Who would want to mess up John Doe’s drug infusion pump? But as more health insurance providers find themselves under fire, it’s clear that hackers have set their sights on the healthcare industry. And with the prospect of a ransom, that threat feels all too immediate and personal, especially since it’s not cheap—most hackers ask for $200 to $10,000, according to the FBI.
Between April 2014 and June 2015, hackers’ extortions via personal computers cost American victims $18 million.
Unlike on a personal computer, individuals can’t put digital security measures in place to protect their biomedical devices. It’s up to the manufacturers of the device’s hardware and software to put the proper security protocols in place. Hopefully they can do so before ransomware becomes as big of an issue as predicted.