1. You are here:
  2. Homepage
  3. News & Insights Search
  4. Money or Your Life: Report Predicts Ransomware Affecting Medical Devices in Near Future

rf-fullcolor.png

 

Regulatory News
October 9, 2014
by Alexander Gaffney, RAC

Money or Your Life: Report Predicts Ransomware Affecting Medical Devices in Near Future

European law enforcement authorities are predicting a dark, nefarious future for the cybersecurity of products, including medical devices, which could eventually lead to patients being held hostage from afar.

The prediction, made in Europol's 2014 Internet Organized Crime Threat Assessment (iOCTA), comes amid growing concern about the cybersecurity of devices. In the US, in particular, regulators and researchers have sounded the alarm over the lack of inherent security protections in many devices, saying it's surprisingly easy to hack into life-supporting devices like pacemakers.

The concerns have been enough to lead the US Food and Drug Administration (FDA) to issue recommendations that all Internet-connected devices should undergo threat and vulnerability testing prior to approval or clearance. Those recommendations were finalized in October 2014. The agency has also announced that it will conduct its own threat assessment testing through the use of a new "fuzzing" lab, which will barrage devices with assorted inputs in an attempt to find defects.

Ransomware a Major Threat

But according to Europol, the EU's law enforcement agency, defensive measures will only serve to mitigate—not eliminate—risk.

While the report is mostly focused on traditional cybersecurity threats, among the most interesting potentialities raised in the broad-based report is a new form of ransomware affecting medical devices. Though the use of ransomware has been around for several years—hackers generally commandeer a system, and often encrypt files until the user pays a ransom for the encryption key—Europol said it envisions a day when "novel variants" of ransomware might also affect medical devices.

Given the potential for device malfunctions to kill patients, this might very well be the digital equivalent of a hostage situation. And since many devices are implanted into a patient, simply swapping out an infected device for a new one isn't quite so easy.

Alternatively, hackers might also seek out medical information from patients and providers, which is often contained in medical devices and medical information systems, the report notes.

"Although the motivation for most data thefts is largely financial gain, the proportion of attacks for the purpose of espionage is steadily increasing," the report observes.

And in an era of increasing connectivity, patients may soon find themselves unwittingly in the firing line of both hackers looking to exploit them for money and those who would do them harm to make a statement.

 

Europol Report

Return to listing
×

Welcome to the new RAPS Digital Experience

We have completed our migration to a new platform and are pleased to introduce the updated site.

What to expect: If you have an existing login, please RESET YOUR PASSWORD before signing in. After you log in for the first time, you will be prompted to confirm your profile preferences, which will be used to personalize content.

We encourage you to explore the new website and visit your updated My RAPS page. If you need assistance, please review our FAQ page.

We welcome your feedback. Please let us know how we can continue to improve your experience.