3 Big Device Firms Hacked: SF Chronicle3 Big Device Firms Hacked: SF Chronicle
February 11, 2014
An individual described only as "a source close to the companies" has told San Francisco Chronicle reporter Thomas Lee that the computer networks of Medtronic, St. Jude Medical, and Boston Scientific were successfully targeted by hackers in early 2013. Thus far, the original Chronicle article is the only source for information about this latest hack.
The breach may have been open for as long as several months, the source said. Apparently the device makers were unaware that their networks were compromised until federal authorities told them. Federal privacy laws require them to report any intrusions in which patient data is compromised, and no such reports were made. All three companies say they are investigating the matter.
The source said the attacks showed signs of having originated in China and were "very thorough." As these three companies are on the cutting edge of medical technology, the hackers were likely looking to steal intellectual property, though clinical trials data may have also been targeted.
Denise Kaigler, Boston Scientific senior vice president of corporate affairs and communications, wrote in an email to the Chronicle that their information was "inaccurate," and also said, "Like many companies, Boston Scientific experiences attempts to penetrate our networks and systems and we take such attempts seriously. We have a dedicated team to detect and mitigate attacks when they occur as well as to implement solutions to prevent future attacks."
Neither Medtronic nor St. Jude Medical have released any statements or other information about the attacks.
Joshua Carlson, a Minnesota data privacy attorney and former IT manager at Best Buy Co., told the Chronicle, "Cyberthreats and cyberattacks are only going to get more sophisticated and more impactful to those companies breached. The economics of it are fairly simple: There is great reward and only slight risk for state actors, or hackers in other countries, to steal or attempt to steal as much intellectual property as it can from U.S. companies that are often decades ahead in technology and research."
Back in 2010, the Wall Street Journal reported the possibility for individual pacemakers to be controlled by a hacker, and in 2011, virtually the same warning was issued regarding insulin pumps.
About the Author
You May Also Like