Daily Archives: October 19, 2013

Before The Comedians Eat Up This Low Hanging Cheney Fruit

Posted on by

In connection with an upcoming book written with his cardiologist, former Vice President Richard Cheney has been making the rounds.  In an interview that will run on 60 Minutes Sunday night, and excerpted by the Associated Press (H/T The Washington Post), Mr. Cheney mentions that they disabled the wireless capabilities of his pacemaker in order to prevent it from being used by terrorists to kill him.

Yes, you read that right, and yes, it appears to have been a plot point on the terrorist melodrama Homeland.  It was also used in an episode of the modern-day Sherlock Holmes series Elementary and there are likely other instances of medical devices being hacked in fiction.

But it’s not crazy.  The Food and Drug Administration has guidance on how to preserve the cybersecurity of medical devices and networked equipment.

“Recently, the FDA has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations, including:

  • Network-connected/configured medical devices infected or disabled by malware;
  • The presence of malware on hospital computers, smartphones and tablets, targeting mobile devices using wireless technology to access patient data, monitoring systems, and implanted patient devices;
  • Uncontrolled distribution of passwords, disabled passwords, hard-coded passwords for software intended for privileged device access (e.g., to administrative, technical, and maintenance personnel);
  • Failure to provide timely security software updates and patches to medical devices and networks and to address related vulnerabilities in older medical device models (legacy devices);
  • Security vulnerabilities in off-the-shelf software designed to prevent unauthorized device or network access, such as plain-text or no authentication, hard-coded passwords, documented service accounts in service manuals, and poor coding/SQL injection.

“The FDA is not aware of any patient injuries or deaths associated with these incidents nor do we have any indication that any specific devices or systems in clinical use have been purposely targeted at this time.”

It’s also a focus of computer researchers, as this article from the October 2013 issue of Communications of the Association for Computing Machinery (yes, my employer’s journal) relates.

Main point – the Internet of Things can include things inside your bodies.  So ask your medical professionals about protections against biological and computer viruses.