New Threat for 2016: Ransomware on Medical Devices and Wearables
Internet security experts as well as a recent research reports suggest that ransomware is headed for medical devices and wearable health tracking devices in 2016, posing a serious threat to information security and personal health, they warn.
This alarm bell was rung by a new Forrester Research report, released in mid-November, which listed ransomware in wearables and medical devices as the number one cybersecurity threat for 2016.
Ransomware is installed in software like malware or a virus. But instead of corrupting, exposing, or stealing important data, it holds a computer or device’s data “hostage” and demands users pay a price (typically in Bitcoin, an online currency) to get the data back or risk harm.
As described by Motherboard, a ransomware threat could come via cell phone text message to someone with a pacemaker. Unless the person with that device pays up, the pacemaker will be programmed to malfunction.
Forrester’s prediction is bold and specific, Joshua Corman, founder of the Internet security advocacy group I Am the Cavalry, told Motherboard, but Corman and other experts say the technology to do such a thing is relatively simple.
“It’s definitely feasible from a technical standpoint,” medical device security researcher Billy Rios told the publication.”Given the urgency associated with these devices, I could see it as something that could happen next year. All that would be required from an attacker standpoint is small modifications to the malware to make it work.”
This isn’t the first inkling of weaknesses in medical devices. The US Food and Drug Administration warned of security flaws in Hospira infusion pumps, which were found to be vulnerable to hacking when connected to hospitals’ networks.