Abstract
Let me begin by saying I am not a doctor and I have zero medical training, but I do have over 15 years’ experience in the Intelligence Community. Let there be no doubt in your mind, this book is about he possibility of weaponization of medical devices by hackers wishing to injure patients in healthcare facilities. This chapter describes what I believe could happen if an attacker is able to hack into a hospital network that controls the functions or parameters of a connected active medical device (AMD). An AMD is one that interfaces directly with a patient to administer medical treatment. I’m sure in some cases I may have missed the mark, but I assure you that a persistent terrorist will enlist the services of biomedical technicians to create a viable cyber-physical attack on a hospital’s active medical devices if he so desires. The entire scope of armamentarium can be hacked.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Armamentarium means the equipment, methods, and pharmaceuticals used in medicine.
- 2.
TrapX Labs, “Anatomy of an Attack – MEDJACK (Medical Device Hijack)”, May 7, 2015.
- 3.
Darleen Storm, “MEDJACK: Hackers Hijacking Medical Devices to Create Backdoors in Hospital Networks,” Computerworld, June 8, 2015.
- 4.
Ibid.
- 5.
Randal C. Archibold, “Hospital Details Failures Leading to M.R.I. Fatality,” New York Times, August 22, 2001.
- 6.
Valentina Hartwig, et al., “Biological Effects and Safety in Magnetic Resonance Imaging: A Review,” International Journal of Environmental Research and Public Health (6), 2009.
- 7.
Food and Drug Administration Infusion Pump Improvement Initiative, http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/GeneralHospitalDevicesandSupplies/InfusionPumps/ucm202501.htm
- 8.
Kim Zetter, “It’s Insanely Easy to Hack Hospital Equipment,” Wired Magazine, April 25, 2014.
- 9.
nm=nanometer
- 10.
The threshold limit value (TLV) of a chemical substance is a level to which it is believed a worker can be exposed day after day for a working lifetime without adverse health effects.
- 11.
H. Alemzadeh, et al., “Adverse Events in Robotic Surgery: A Retrospective Study of 14 Years of FDA Data,” http://www.ncbi.nlm.nih.gov/pubmed/27097160 .
- 12.
“Trust me, I'm a robot,” The Economist, June 2006.
- 13.
Per government regulation, the word active represents “any device that is intended to be relied upon in deciding to take immediate clinical action” (21 CFR 8637 at 8644).
- 14.
21 CFR 880.6310
- 15.
21 CFR 880.9(c)(4)
- 16.
21 CFR 880.9(c)(5)
- 17.
“Software-related medical device recalls raise security, privacy concerns,” InfoSecurity Magazine, July 25, 2012.
- 18.
21 CFR 892.2010
- 19.
21 CFR 892.2020
- 20.
Kim Zetter, “It’s Insanely Easy to Hack Hospital Equipment,” Wired Magazine, April 25, 2014.
- 21.
“Cyber attack snarls Los Angeles hospital’s patient database,” Reuters, Feb. 17, 2016.
- 22.
JA Ansari, “Drug Interaction and Pharmacist,” Journal of Young Pharmacists, July–Sept. 2010.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2016 Luis Ayala
About this chapter
Cite this chapter
Ayala, L. (2016). Active Medical Device Cyber-Attacks. In: Cybersecurity for Hospitals and Healthcare Facilities. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2155-6_3
Download citation
DOI: https://doi.org/10.1007/978-1-4842-2155-6_3
Published:
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2154-9
Online ISBN: 978-1-4842-2155-6
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books