Cyberwars: US Department of Homeland Security Issues New Warnings Regarding Medical Devices
Earlier this month, the Cybersecurity Infrastructure and Security Agency (CISA) issued a sobering warning regarding the possibility of Americans being victimized by cyberattacks from Iran in response to the heightened tensions between the two countries.
The immediate imagery that type of warning conjures up may relate to large-scale attacks against infrastructure targets including our power grid, nuclear power plants, our water supply and other sensitive targets that affect the lives of thousands of people. Another potential target for countries operating at militaristic disadvantage was just identified by the Department of Homeland Security’s Industrial Control Systems—Cyber Emergency Response Team (ICS-CERT).
The target(s) in question, include a population that is among our most vulnerable citizens – the elderly and medically compromised. These individuals, that rely on electronic medical devices for their very livelihood, are an easy sitting target for state-sponsored hackers looking to terrorize innocent Americans.
This kind of cyber operation has already been theorized in the imagination of television writers, as an episode of the Showtime series Homeland, where one of the show’s characters,’ Brody, gave a group of terrorists the serial number of the fictional Vice President’s pacemaker. The hackers were able to use the data to hack into the medical device and accelerate the VP’s heart rate which eventually killed him.
In addition to pacemakers, other medically related mechanisms that have been identified previously as potential soft targets for international cyber combatants include:
Medication infusion pumps distribute a wide variety of drugs, including antibiotics, insulin, chemotherapy drugs and pain relievers. Going back to 2017, ICS-CERT previously noted multiple vulnerabilities in wireless connected infusion pumps. According to the ICS-CERT report, exploitation of these vulnerabilities could allow hackers to gain access to the device and “impact the intended operation of the pump.”
Electronic Medical records
Your medical history and its security should be a major cause for concern going forward. Test results, health records, prescriptions and other information that is stored in the cloud are potential targets for hacks. In June of 2019, Quest Diagnostics—one of the testing laboratories in America—was victimized by hackers.
The medical and financial records of more than 12 million patients were accessed. The prevalent fear that exists around this type of hack involves the possibility of your medical information being manipulated in ways that can lead to a misdiagnosis or the incorrect prescribing of a medication or treatment plan.
One particularly notable instance of hacking affecting the healthcare sector occurred in 2017, when the UK’s hospital system was victimized as part of the infamous WannaCry outbreak. In this case, the attack disrupted the hospital’s operations to such a great extent, that in many cases, compromised patients had to be diverted to other facilities to receive crucial services.
The recent alert from ICS-CERT was focused on equipment including General Electric’s (GE) CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) and Clinical Information Center (CIC) systems and the CARESCAPE B450, B650, B850 Monitors.
Although the aforementioned devices were highlighted in the ICS-CERT alert, the truth is, this threat is real, and a multitude of medical devices can be compromised at any time potentially endangering millions of Americans.
Written by Julio Rivera, Julio is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including Townhall, The Hill, Newsmax and American Thinker.
Edited by Alexander Fleiss & Paul Marrinan