Bruce Schneier writes about recent news stories concerning hacking medical devices:
Okay, so this could be big news:
But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal — if the device had been in a person. In this case, the researcher were hacking into a device in a laboratory.
The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio that Medtronic, the device’s maker, had embedded in the implant as a way to let doctors monitor and adjust it without surgery.
There’s only a little bit of hyperbole in the New York Times article. The research is being conducted by the Medical Device Security Center, with researchers from Beth Israel Deaconess Medical Center, Harvard Medical School, the University of Massachusetts Amherst, and the University of Washington.
Full story – Schneier on Security
Update: Science Daily reports:
[…]
Dr. Maisel, director of the Medical Device Safety Institute at Beth Israel Deaconess Medical Center in Boston, notes, “One of the purposes of this research is to encourage the medical device industry to think more carefully about the security and privacy of patient information, particularly as wireless communication becomes more common. Fortunately, there are some safeguards already in place, but device manufacturers can do better.”
Full story – Science Daily