Motherboard writes about a new worring secury issue in article Ransomware Is Coming to Medical Devices. It teells that according to a report released recently week by Forrester Research the number one cybersecurity prediction for 2016: “We’ll see ransomware for a medical device or wearable.”
Ransomware today is big business. Ransomware takes control of a computer and holds it hostage until the victim pays, usually in the digital currency Bitcoin. To date ransomware has hit Windows users hardest, although Android and MacOS users are now facing similar extortion.
Intel’s McAfee Labs also noted a huge spike in ransomware in early 2015, and worries about ransomware in the IoT space—including medical devices. And Kaspersky predicts the “nightmare of ransomware” to continue and “spread to new frontiers” in 2016.
“That’s a bold specific prediction” and “It’s definitely feasible from a technical standpoint”. The cybersecurity of most medical devices is poor. In June, the FDA warned health care providers to stop using a drug pump due to a rudimentary cybersecurity flaw. And in September, researchers reported that honeypots pretending to be medical devices attracted more than 50,000 successful logins and nearly 300 malware payloads.
Networked medical devices save lives. Despite the hacking risk, Corman remains positive about the future. he trade-offs are there, but it’s an informed trade-off.
I Am The Cavalry has published a five star Cyber Safety Framework to mitigate this threat in cars, and it’s planning to publish a similar report using medical device-specific language soon.