News & Opinion | March 26, 2019 5:00 am

Implanted Defibrillators Could Be Vulnerable to Hacking

The FDA has advised patients to continue using the devices despite the potential risk.


While most people acknowledge the risk that their electronic devices may fall victim to cyber hacking, defibrillator users recently learned they may be vulnerable to more internal attacks as well.

Medtronic Inc., the world’s largest medical device manufacturer, has confirmed that more than 20 of its defibrillator models, monitors, and programmer units may be vulnerable to cyber attacks, reported NBC. According to the company, the flaw could allow a hacker to access the device and change the settings using an unencrypted wireless protocol.

Last week, the Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security, released a bulletin assigning the security risk a vulnerability score of 9.3 on its 10-point scale. The bulletin stated that the flaw is significant enough to allow a hacker of “low skill level” to access the device.

Despite the high vulnerability rating, however, no known exploitation of the flaw has taken place, according to NBC. Both Medtronic and the U.S. Food and Drug Administration have advised patients to continue using the devices, noting that the defibrillators’ life-saving benefits far outweigh the potential risk.

According to the Cybersecurity and Infrastructure Security Agency, the likelihood of a successful attack is actually fairly low. As NBC noted, while the devices are technically easy to attack, their use of radio frequency transmissions means an attacker would have to be in very close proximity to the targeted device (i.e., in the same room).

While Medtronic works on a fix, the FDA has encouraged patients to use only remote monitors supplied directly by Medtronic in order to protect themselves from attack.