Security firm finds +8k vulnerabilities in pacemakers: 6 takeaways

More than 8,000 cybersecurity vulnerabilities exist in pacemakers on the market, according to a recent report from security firm White Scope.

Here are six things to know.

1. White Scope analyzed pacemaker systems from four major device manufacturers. Most of the systems included an implantable cardiac device, a home monitoring device, a pacemaker programmer — used to assess the efficacy of the heart implant and set therapy parameters — and a cloud-based platform to send data to physicians.

2. The firm identified about 8,600 security flaws with the pacemaker systems linked to outdated libraries used for programmer software.

3. White Scope looked at seven pacemaker programmers and found they all ran on out-of-date software with known vulnerabilities, according to Infosecurity Magazine. Some did not require physicians to authenticate a programmer or implanted pacemaker, meaning anyone within range of the system can change the pacemaker's settings using a programmer from the same manufacturer.

4. Researchers found the systems also stored unencrypted file data on removable media, leaving the devices susceptible to hacking.

5. White Scope purchased some of the devices via online auctions on Ebay and encountered unencrypted data — including Social Security numbers, names, medical data and other patient data — left on a programmer device.

"The patient data belonged to a well-known hospital on the east coast and has been reported to the appropriate agency," researchers wrote in the report. "These types of issues highlight the need for strong device disposal policies from hospitals."

6. The researchers contacted the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team so the device manufacturers may address the security flaws discovered in the White Scope report.

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars