Our cybersecurity is so bad that even pacemakers are getting hacked

If you know someone who has a pacemaker, they’ve probably been hacked.

Just because you’re not on the internet doesn’t mean that you can’t get hacked. Security firm WhiteScope says there are more than 8,000 existing security flaws from four different pacemaker manufacturers. This massive issue comes from third-party programmers allowing outdated software vulnerabilities instead of regularly updating their systems to protect users against scammers.

The study found that in all cases, programmers had non-encrypted file systems with removable media. This makes it easy and quick for scammers to hack into pacemaker programs to steal data.

Along with that, none of the systems require physician approval to update or change pacemaker information. That means anyone can hack into pacemaker programs and manipulate data without any sort of doctor authentication.

Imagine if someone could open your phone without a passcode or log into your computer without a password — and we’re talking about your heart here, not just your photo collection.

“Pacemaker systems are ‘system-of-systems,’” WhiteScope says. “There are essentially four components to modern pacemaker system deployments: the pacemaker devices, pacemaker programmers, home monitoring systems, and the supporting/update infrastructure.  All components are vital to the safe functioning of the pacemaker system.”

The report says the Food and Drug Administration has attempted to streamline updates but all programmers they studied had outdated software in need of major updates. One vendor alone had 3,700 vulnerabilities. In two separate instances, WhiteScope says they found actual non-encrypted personal information of patients in their findings, including Social Security numbers, full names, and medical data. The study says there is no vendor that is better than the others; they’re all bad.

This isn’t the first time pacemakers and other medical devices have had their security flaws exposed. This study names others as far back as a decade ago that detail how a lack in security was a threat to patient safety.

Unfortunately, nothing has changed to make these medical devices safer, even as we’ve all become more reliant and comfortable using digital systems and identity theft risks have grown exponentially.

Medical data keeps getting stolen

Medical hacks are nothing new. The more technology develops to make obtaining our personal medical data more accessible for us, the easier it will be for hackers to steal it.

A quarter of Americans have had their medical data stolen, and one-third of those hacks have happened inside the hospital. Like the pacemakers, if doctors and other health care providers don’t make drastic changes to how their systems are built and maintained, this will continue to happen. And the more it happens, the more financial loss we suffer.

It’s not just medical data, though. All our personal information is more prone to getting stolen regardless of where it is stored. Even your money is liable to get stolen straight from the bank these days.

More than half of Americans have been a victim of identity theft or know someone who has been a victim. Even with how common it is, Americans still don’t think they will be a victim — half don’t take any sort of precautions to protect themselves from hacks.

Unfortunately, companies aren’t looking to fix this anytime soon. Businesses would rather beef up the security measures they can see — the physical ones — rather than the ones they can’t. Many companies know that cyber attacks are coming, but very few are doing anything about it. Just like pacemaker manufacturers and programmers, companies still aren’t preparing for online hacks, even though they know they are coming. Vigilance is all on us.

free debt analysis call 855-654-9191

Meet the Author

Dori Zinn

Dori Zinn


Zinn is a freelance journalist based in Fort Lauderdale, Florida.

Family, Tech

health, identity theft, scams, Social Security

Related Posts

Article last modified on July 10, 2017 Published by Debt.com, LLC . Mobile users may also access the AMP Version: Even Medical Devices Aren’t Scam-Free - AMP.