It goes without saying that having to rely on a pacemaker isn’t an ideal circumstance for anyone, even considering that the device allows the patient to continue living a fulfilling life. This is why a particular discovery of a European-based research team becomes a shade or two darker: the team has concluded that it’s possible for a novice to send life-threatening signals to the device.
As a note of the results of their research into implantable cardioverter defibrillators (ICDs) the researchers described the potential dangers of ICD technology.
Pacemakers feature the capability to communicate with external technologies after being activated by a special magnetized device. This capability is generally of benefit to the patient, as their device can be read without an invasive procedure. However, if the patient is out of the doctor’s office within two hours, their pacemaker is still able to receive signals and instructions from any device. This puts the patient themselves at risk of a specialized cyber attack.
This risk can then be exacerbated by the attacker. By sending a signal to the pacemaker device, the device can be kept from returning to “sleep” mode, leaving it vulnerable to more attacks. During their studies, the researchers discovered how wide of a range these attacks could fall under.
Simply by analyzing the signals that the tested devices communicated with their equipment, the team was able to devise a variety of ill-meaning uses for a criminal to take advantage of. Capable of draining the device’s battery or reading the personally identifiable information stored upon it in the patient’s onboard medical records, a cyber criminal could easily make their target’s life miserable. Scarier still, the right message sent to the pacemaker could even turn it off, or activate its heart-shocking features unnecessarily.
The team confirmed that at least 10 varieties of the lifesaving device were vulnerable to the relatively very simple form of attack, without requiring any knowledge of the device itself. Scarier still, they were able to determine why the pacemakers were so vulnerable in the first place.
Putting it very simply, the manufacturers of the devices had relied on the lifesaving pacemakers just not being an obvious target for cyber criminals, and had therefore been satisfied without building a lot of IT security into them. It was this mentality of “nobody will consider this a target” that led to pacemakers becoming a target.
Now, as scary as this story is, this was fortunately conducted by researchers, and not dangerous criminals. Regardless, it’s still pretty unnerving.
So now every business owner should ask: Have I considered that my business might be a target?
Many SMBs hold the same mistaken impression as the pacemaker manufacturers do: there are bigger, more valuable, more obvious targets than my business, so I don’t need to worry about security so much. Unfortunately for these businesses, they are proven wrong so many times.
If you’re unsure of your level of IT security preparedness, give Think Tank NTG a call at 800-501-DATA. We can help you keep your IT optimally secure, and securely optimized.