Medical Device Hacking
CHARLOTTE, N.C. - So far, it has only happened in a controlled laboratory setting. Scientists, within about 65 feet of a medical device, were able to "easily" hack into an insulin pump and send info as well as commands. In another lab, scientists hacked into a pacemaker and sent unscheduled electrical pulses.
"This scenario is a real concern," says security consultant Theresa Payton. She served as Chief Information Officer under George W. Bush in The White House. She says public figures are priority targets for this sort of unorthodox hacking.
Former Vice President Dick Cheney's pacemaker developments made major news and could have attracted negative attention. "If somebody has the time, the motive and the money, they can go after this," she says.
Presbyterian Hospital tells us it implants between 40 and 50 pacemakers in its patients every year. CMC declined to provide us with their pacemaker numbers. And, since insulin pumps aren't implanted, the number of the devices in the Charlotte area is difficult to track.
The real life consequences are frighteningly obvious, but there are people working to figure out a way to protect you and we tracked them down. Purdue University Professor Anand Raghunathan and Princeton University Professor Niraj Jha. Raghunathan says, "It's (hacking into medical devices) just another tool potentially in the hands of the bad guys."
In nine months, the men and their team developed MedMon, short for "medical monitor." It works like your computer's firewall by recognizing an attack on your medial device is taking place and then stopping it. The functional prototype cost about $700, but the consumer cost is expected to be insignificant. The catch? It's a few years from market. MedMon still needs to be miniaturized for easy transport, there are still battery life concerns and it'll have to go through federal regulatory cycles.
The scientists say the bar for current medical device security is too low, not just for public figures but for you and me, too. However, "There is no need for concern right now. if you're using one of these pumps or pacemaker, the benefits far outweigh the risks involved," says Jha.
Payton says there is one thing you can do right now: protect your privacy. Keep careful track of who knows you use a medical device. She says, "I think privacy is going to be critical as these hackers get more advanced."
In addition to pacemakers and insulin pumps, Payton says mobility devices like computer controlled prosthetics could also be at risk of being hacked.
What's On TonightFull Schedule