Interview: Prof Majid Sarrafzadeh
  Death by Binary
Not a work of fiction by Michael Crichton or Robin Cook

Do you have a medical problem? Do you have medical insurance? Do you feel safe?


In life, the only certainty is death. The method is not always so clear cut. And with the world becoming ever more connected, it is inevitable we find ourselves at the juncture of a very real medical conundrum today: Medical Hacking.


Tom is 15. He has epilepsy. 
Dick is 30. He has an appendectomy tomorrow.
Harry is 45. He woke up with a cold this morning.
Jane is 60. She is healthier than you. 

Bob is 28. He is a hacker.

We all know the real dangers posed by identity and electronic fraud. The danger is so real that it has spawned its own industry and countless safety measures, governed by corporate policy and government regulation. Yet not much is known about the potential threats posed by medical hacking. We know hackers could attack and acquire large amounts of our personal information from the healthcare industry. But do we know whether hackers can really harm us? Could they have access to more critical systems than we know? Could they potentially take someone's life?


We speak with Prof. Majid Sarrafzadeh of UCLA to uncover this very disturbing cyber development. Prof. Sarrafzadeh is the Director of the Embedded and Reconfigurable Computing Lab at UCLA.

Are the risks surrounding medical hacking real? Is this an urban legend?
There are many reports of hardware failure even when there is no "malicious" involvement, such as implantable systems that have resulted in death. Imagine the risk when hackers get involved (simply to gather information to sell, e.g. to insurance companies, or to harm an individual). An example from November 2007 is the malicious attacks against the Coping With Epilepsy website. Attackers placed images on the website that would induce seizures in photosensitive epilepsy patients.

How do the hackers do it? How many ways can they actually harm someone?
Hackers can do this in a very similar manner as they have done in the past: they could break into servers and access electronic health records, or they could break into individual systems such as glucose meters, Holter monitors and, worst, systems that do actuation, such as a system that delivers electric shocks to the heart.

How difficult would it be for them to actually cause harm? Could a script kiddie do it?
Given that medical systems are relatively new and thus have less history of being secured, it is fair to argue they are relatively easier to attack as compared to, say, bank systems. Today we do not know the extent and types of attacks. And this very fact is indeed most alarming: the fear of the unknown.

Who are the most susceptible victims?
Unfortunately everyone using a medical system or device is susceptible, particularly those who use newer systems/devices.

Are we doing enough to safeguard our patients? Is this something which the government acknowledges?
There is yet a lot to be done to ensure we are safeguarding the patients. There is a need for a certification standard for these devices. These could be government based or private. Groups such as the FDA are looking at these issues in more detail, and that is a good starting point.

What is the medical community doing to educate the public on the inherent risks?
Certainly not enough, perhaps because there is not enough motivation.

Not to harp on the doom and gloom angle, but do you think this situation can be rectified? Or will the risks always be there?
Certainly we can improve the situation by studying the problem and trying to solve it preemptively. Unfortunately it may be impossible to solve the problem for good (consider traditional computer attacks that are yet not resolved and will probably never be).

Will you be showing a demo about this at Hacker Halted? What will you be talking about at Hacker Halted?
Yes, I will show several medical systems (both off the shelf and also some experimental systems) and will demonstrate how we can attack them (as a live demo).

Tom was 15. He followed a website link from an email. It was hacked.
Dick was 30. He had a pacemaker implanted instead. The hospital's system was compromised. Both were hacked.
Harry was 45. He was allergic to penicillin. His allergy was deleted from the system. Both were hacked.
Jane was 60. Her lab tests showing the malignant tumor were replaced. It was hacked.

Bob is 28. He might be hacking you right now.

