Forget kidnapping, there’s a whole new 21st century way terrorists can hold your life to ransom

Lucy Goodchild van Hilten

It sounds like the stuff of action movies – you’re a ticking time bomb, with cyber terrorists gaining control of your pacemaker and holding your heart to ransom. Unfortunately, it seems this might not just be in the realm of fantasy.

According to a new report by Forrester, the biggest cyber security threat of 2016 is hackers hijacking our medical devices. Holding people’s pacemakers and insulin pumps to ransom could make hackers rich, and put millions of lives at risk.

Medical devices are no longer static – pacemakers, insulin pumps, surgical robots and MRI scanners are networked and online, making them part of the Internet of Things. This has great benefits and supports the move to personalised medicine that puts the patient in control.

However, it also opens the doors to opportunistic hackers. In the new report, Forrester predicts that hackers will release ransomware for medical devices in 2016. Ransomware is software that enables people to take control of a device until the victim pays a ransom.

Thanks to modern medical technology, 3 million people around the world have a pacemaker; ransomware could put these people at risk. It’s possible for someone to take control of a pacemaker or order a networked infusion pump to deliver an overdose of medication to a patient lying in hospital.

In June, the FDA recommended healthcare institutions should stop using the Symbiq Infusion System due to “cybersecurity vulnerabilities.” Worryingly, it seems many such devices are not secure. Stephanie Balaouras, an analyst from Forrester, told NBC News:

When it comes to preparedness, they’re woefully behind and that, to me, is the most concerning thing.

In late 2013, the Mayo Clinic – one of the most prestigious medical institutions in the US – decided to test its own security, by bringing in world-class hackers to mess with their devices, including “white hat” hacker Billy Rios. He was surprised to see how easy it was to breach the hospital’s security. He told Bloomberg Business:

Every day, it was like every device on the menu got crushed. It was all bad. Really, really bad.

Unlike computers, we can’t install our own security software on our medical devices. Essentially, this means our fate is in the hands of the manufacturers. Now the warning is out there, hopefully medical device companies will come up with better security measures before the hackers develop ransomware that could hold us hostage in our own bodies.

Featured image via Wikimedia Commons


We need your help ...

The coronavirus pandemic is changing our world, fast. And we will do all we can to keep bringing you news and analysis throughout. But we are worried about maintaining enough income to pay our staff and minimal overheads.

Now, more than ever, we need a vibrant, independent media that holds the government to account and calls it out when it puts vested economic interests above human lives. We need a media that shows solidarity with the people most affected by the crisis – and one that can help to build a world based on collaboration and compassion.

We have been fighting against an establishment that is trying to shut us down. And like most independent media, we don’t have the deep pockets of investors to call on to bail us out.

Can you help by chipping in a few pounds each month?

The Canary Support us

Comments are closed