Report: Ransomware attacks on med devices a real possibility in 2016
Ransomware will come to medical devices or wearables in 2016, Forrester Research predicts in a new report.
A Motherboard article poses a scenario in which a person's pacemaker is hacked to create chest pain, then receiving a text message: "Want to keep living? Pay us a ransom now, or you die."
Ransomware generally involves taking control of a computer system and holding data hostage until a ransom is paid to unlock it.
However, medical device security researcher Billy Rios says in the article that it's technically feasible to also render devices inoperable unless a payment is made.
"Given the urgency associated with these devices, I could see it as something that could happen next year. All that would be required from an attacker standpoint is small modifications to the malware to make it work," he tells Motherboard.
Victims of ransomware in the United States have reported losses of more than $18 million in 14 months, according to a FBI report issued in June, the Motherboard article adds.
Medical device security has been a growing concern among healthcare organizations, especially in the wake of U.S. Food and Drug Administration warnings about vulnerabilities in infusion pumps. Rios and other security experts have characterized the FDA as a "toothless dragon" in dealing with medical device security issues.
The Library of Congress, however, recently granted several exemptions to copyright rules that will allow researchers to hack medical devices in search of security and design flaws.
Phishing, ransomware attacks on health industry to rise
FDA a 'toothless dragon' on med device security, researchers say
Exemptions enable hacking of med devices for safety
Med device cybersecurity warnings will only grow, privacy expert says
Thousands of critical medical devices open to attack