Visitors Now:
Total Visits:
Total Stories:
Profile image
By Natural Society
Contributor profile | More stories
Story Views

Now:
Last Hour:
Last 24 Hours:
Total:

Security Experts: St. Jude Heart Devices can be Hacked

Tuesday, October 25, 2016 6:47
% of readers think this story is Fact. Add your two cents.

(Before It's News)

Natural Society

Imagine having a device implanted in your heart to help it keep beating, only to be told there’s a chance someone with nefarious intentions could hack into it. That is exactly what experts are warning could happen to cardiac implants made by device maker St. Jude Medical Inc.

The frightening claim comes from the short-selling firm Muddy Waters, which said in a legal brief filed October 21 that experts from the boutique security firm Bishop Fox have validated its claims. [1]

Vulnerabilities

The concern centers around the Merlin@Home transmitter, which according to St. Jude, “allows efficient remote care management of patients with implanted cardiac devices through scheduled transmissions and daily alert monitoring.” [2]


Source: Boing Boing

The claims were made back in August by Muddy Waters founder Carson Block, who cited presentations by security experts that showed hackers could convert the Merlin@Home devices into “weapons” that could cause cardiac implants to stop delivering shocks to patients’ hearts. [3]

St. Jude’s chief technology officer Phil Ebeling said at the time that the claims were “absolutely untrue,” and that the device maker had “several layers of security measures in place” and conducts regular security assessments.

The medical device maker responded to Muddy Waters’ claims by filing a lawsuit against Muddy Waters on September 7. [1]

However, the 53-page Bishop Fox report released by Muddy Waters last Friday shows that St. Jude implantable cardiac devices are more vulnerable to hacking than the company either realizes or wants to admit.

According to Bishop Fox, this could be done in a number of ways. In 1 possible scenario, a hacker could remotely turn off the therapeutic functions of an implantable cardioverter defibrillator (ICD), then send a T-wave shock to a patient’s heart, causing ventricular fibrillation, which could lead to cardiac arrest.

Bishop Fox claims in its report that it tested the attacks from 10 feet (3 meters) away, but it is possible for someone to attack up to 45 feet away using an antenna, or 100 feet away using a transmitting device called a software defined radio.

The report was submitted in federal court in Minnesota as evidence by Muddy Waters in its legal defense.

Short sellers make bets that stock prices will fall selling borrowed shares so they can buy them at a lower price and profit from the difference. St. Jude alleges that Muddy Waters intentionally disseminated the information about the devices to manipulate its stock price, which fell 5% the day they went public with their claim.

Bishop Fox said it shored up Muddy Waters’ claim with help from well-known specialists in cryptography, computer hardware hacking, forensics, and wireless communications.

Risky Business

Medical-device hacking, or “medjacking,” sounds like a scary sci-fi move plot, but it’s so realistic and serious that the FBI warned about its potential in September 2015.


Source: Mass Device

The bureau warned:

“Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.”

Former Vice President Dick Cheney was so concerned about his heart defibrillator being hacked that he had the wireless connection disconnected several years ago.

The U.S. Food and Drug Administration (FDA) urges hospital network administrators and medical device makers to take these steps to prevent possible “medjackings”:

  • Limiting authorized access to medical devices that connect to the hospital network
  • Protecting individual elements of the device from exploitation
  • Designing the device to function in fail-safe modes
  • Creating retention and recovery modes for the device
  • Monitoring the hospital network for use
  • Evaluating network components
  • Installing security patches to networks if necessary

Sources:

[1] Reuters

[2] Boing Boing

[3] CNN Money

Mass Device


Storable Food



Source: http://naturalsociety.com/security-experts-st-jude-heart-devices-hacked-1948/

Report abuse

Comments

Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories

Register

Newsletter

Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.