Whether in the home or in the hospital, medical devices have become increasingly vulnerable to hacking as they've become network aware, says Daniel Mooradian, PhD, of the University of Minnesota's Technological Leadership Institute.
A tremendous need for security has cropped up, with hackers seeking to monetize healthcare data and even engage in ransomeware attacks.
"It's extremely expensive. Most medical devices aren't adequately secured, because security is not designed into them. That is a significant unmet need for medical device manufacturers to understand, to design security into their medical devices," Mooradian says. (See Mooradian and other experts discuss emerging medical trends at MD&M Minneapolis, September 21-22, 2016. Qmed readers get 20% off with promo code Qmed16.)
TrapX Security's recent MEDJACK 2 report even explains how attackers are evolving as they disguise sophisticated attacks within old malware wrappers as they steal sensitive patient information from hospital networks and sell it on the black market.
Investors appear to be catching on that cybersecurity is threatening medical device companies' bottom line. The situation became painfully apparent in late August when activist investor firm Muddy Waters Capital and cybersecurity outfit MedSec claimed that St. Jude Medical implantable cardio devices have major cybersecurity problems. The accusation sent St. Jude stock down nearly 5% in value on August 25, and the two sides have since been arguing the merits of the claims in public, with Muddy Waters even releasing video that is supposed to show a hack of a St. Jude pacemaker.
The latest plot twist comes out of the University of Michigans, where researchers tried to replicate Muddy Waters and MedSec's results but came up with inconclusive results, according to Reuters.
With St. Jude Medical a $25 billion acquisition target for Abbott Labs, the cybersecurity accusations are proving to be a messy situation.
[Sinister hands on keybord image by User:Colin / Wikimedia Commons, CC BY-SA 4.0]