This should make you feel better. Especially under the current situation.
Palo Alto Networks Unit 42, an extremely well known and well respected group of security researchers, tested 200,000 network connected infusion pumps used in medical facilities.
75% of the devices tested had security vulnerabilities that would allow hackers to exploit them.
The purpose of the test was to assess the reliability and security of smart infusion pumps used by the healthcare industry. The vast majority of hospitals use smart infusion pumps.
If that wasn’t bad enough, the researchers say that the pumps were vulnerable to one or more of forty different known security vulnerabilities.
In addition to that, the pumps were also vulnerable to up to seventy other IoT device vulnerabilities.
Even though information about security measures was available, healthcare facilities have chosen not to protect the devices. There are likely many reasons including time and money, the FDA, manufacturers, old unsupported hardware and others but that won’t be considered good reasons if people start dying.
If a medical device is hacked, the hacker would likely want to cause panic. An example of that might be Russian hackers working on behalf of the government, mad at the U.S. and wanting to cause panic.
Unfortunately, the way regulation tends to work in the United States is that we wait until people die and then pretend we didn’t know about the problem. I hope that is not the case here, but I am not optimistic. Credit: Hackread