The Top 5 Healthcare Internet of Things (IoT) Vulnerabilities

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

The Internet of Things (IoT) is like a teenager: full of potential, but with some growing up still to do. Just as the internet connects people, IoT connects our smart gadgets together. However, as with any fledgling technology, there are growing pains that can’t be ignored as connected devices become more integrated into hospitals and our everyday lives. The following five IoT hacks demonstrate the current vulnerabilities in IoT and show why Healthcare IT Professionals need to make sure their IoT-enabled healthcare devices are secured, protected and monitored.

 

1. The Mirai Botnet


This hack took place in October of 2016, and it still ranks as the largest DDoS attack ever launched. The attack targeted the DNS service provider Dyn, using a botnet of IoT devices. It managed to cripple Dyn's servers and brought huge sections of the internet down. Media titans like Twitter, Reddit, CNN, and Netflix were affected. It was like the internet had a cold and everyone caught it. Hospitals nationwide were affected as well.

 

The botnet is named after the Mirai malware that it used to infect connected devices. Once it successfully infected a vulnerable IoT gadget, it automatically searched the internet for other vulnerable devices. Whenever it found one, the malware used the default username and password to log in to the device, install itself, and repeat the process. It was like a game of dominoes, but with malware. Many of these devices had outdated firmware or weak default passwords, which made them perpetually vulnerable and easy to hack. This attack demonstrates the importance of strong passwords and regular firmware updates. These updates often come with patches for current vulnerabilities, so you should never skip them. Creating strong, complex passwords for all your IoT devices is a must before adding them to your network. It's like putting a lock on your diary, but for your devices.
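The two weaknesses described above, default credentials and outdated firmware, can be checked before a device is allowed onto the network. The following Python sketch is an added example, not part of the original post; the inventory columns, device names, default-credential pairs and password policy thresholds are all assumptions made for illustration.

```python
import csv
import io

# Constructed provisioning sheet (not real devices); the column names are assumptions.
INVENTORY_CSV = """name,username,password,firmware,latest_firmware
infusion-pump-01,admin,admin,1.2.0,1.4.3
ip-camera-07,svc_cam,T9#vLq2!xPz8Rk,2.10.1,2.10.1
patient-monitor-03,root,hospital1,3.0.9,3.1.0
"""

# Illustrative factory-default pairs; a real check would use vendor documentation.
FACTORY_DEFAULTS = {("admin", "admin"), ("root", "root"), ("admin", "password")}

MIN_LENGTH, MIN_CLASSES = 12, 3  # assumed policy thresholds


def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def password_problems(username, password):
    """Return the reasons a credential should be rejected before onboarding."""
    problems = []
    if (username.lower(), password.lower()) in FACTORY_DEFAULTS:
        problems.append("factory-default credential")
    if len(password) < MIN_LENGTH:
        problems.append(f"password shorter than {MIN_LENGTH} characters")
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    if sum(classes) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    return problems


def audit(csv_text):
    """Map each device name to its findings; an empty list means it passes."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = password_problems(row["username"], row["password"])
        if parse_version(row["firmware"]) < parse_version(row["latest_firmware"]):
            findings.append(f"firmware {row['firmware']} behind {row['latest_firmware']}")
        report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for device, findings in audit(INVENTORY_CSV).items():
        print(device, "OK" if not findings else "; ".join(findings))
```

Versions are compared as integer tuples so that 2.10.1 is correctly treated as newer than 2.9.9, which a plain string comparison would get wrong.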

 

2. Hackable Cardiac Devices


IoT devices have tremendous potential in the field of medicine. However, the stakes are very high as far as security is concerned. This was starkly illustrated by an incident in 2017, when the FDA announced that they had discovered a serious vulnerability in implantable pacemakers. Anyone who has watched Homeland will be familiar with this attack. It's like a real-life episode of Black Mirror.

 

In this case, the vulnerability lay in the transmitter that pacemakers used to communicate with external services. These pacemakers relayed information about the patient’s condition to their physicians, which made monitoring each patient much easier. Once attackers gained access to the pacemaker’s transmitter, they were able to alter its functioning, deplete the battery, and even administer potentially fatal shocks.

 

3. The Baby Heart Monitor Hack


As more IoT devices make their way into our homes, privacy is becoming a huge concern. For example, the Owlet baby heart monitor may seem absolutely harmless, but the lack of security is what makes it and similar devices extremely vulnerable to hacking. It's like leaving your front door unlocked and expecting no one to come in. This is the same type of technology used in Health and Life Sciences organizations worldwide. All IP-connected devices are potential attack vectors.

 

This is not an isolated case. In 2018 another IoT device for baby monitoring was hacked (see "Another baby monitor camera hacked | CSO Online"). These easy-to-hack baby monitors allowed attackers to target other smart devices on the same network. As it turns out, one unprotected device can make your entire home vulnerable, and even your employer. It's like a chain reaction, but with hackers.

 

4. The Webcam Hack


Nothing is worse than feeling like you are being watched. Except maybe for actually being watched through your webcam. TRENDnet marketed their SecurView cameras as being perfect for a wide range of uses. Not only could they serve as home security cameras, but they could also double as baby monitors. Best of all, they were supposed to be secure, which is the main thing you want from a security camera. But as it turned out, anyone who was able to find the IP address of any of these devices could easily look through it. Even large-scale IP camera deployments are at risk, as seen in "Hackers reportedly breach hospital surveillance cameras, exposing the security risks of connected devices | Fierce Healthcare".

 

In some cases, snoopers were also able to capture audio as well as video. It's like having a peephole on your front door, but everyone can look through it.

 

5. The Vehicle Hack


Imagine an attack on an ambulance needed immediately to save a life, or even worse, the same attack launched on multiple emergency vehicles at the same time. Cybersecurity Professionals must endeavor to protect their entire attack surface, including their vehicle fleet. This last attack to review was first demonstrated in July of 2015 by a team from IBM. They were able to access the onboard software of a Jeep SUV and exploit a vulnerability in the firmware update mechanism.

 

Researchers took total control of the vehicle and were able to speed it up and slow it down, as well as turn the wheel and cause the car to veer off the road. Scary stuff!! As more people begin to embrace electric vehicles and move towards driverless car technology, it is increasingly important that we make sure these vehicles are as secure as possible.

 

IoT promises to change our future, but at the same time, it poses severe security risks. Therefore, we should stay aware and learn how to protect our devices against cyber-attacks. High-profile security lapses like those mentioned above only serve to reinforce the potential for disaster when security is neglected. Healthcare IT Professionals need, now more than ever, to give IoT-based attacks the respect they deserve and put a program in place to mitigate these real-world risks.

 

Remember, how did the Hackers get away? They Ransomeware…Stay safe out there!
