A tech security evaluation has found a whopping 8,000 software vulnerabilities in the code of pacemakers.
Security research firm WhiteScope carried out the assessment on implantable cardiac devices, physician programmers and home monitoring devices for four major manufacturers.
The researchers found a worrying consistency across all vendors, highlighting inherent system weaknesses in file system encryption and storage of unencrypted patient data.
The report notes that pacemaker security faces “some serious challenges”.
The recent WannaCry ransomware attack, which reportedly infected a medical device in a US hospital as well as medical services in the US and the UK, once again highlighted the potential implications of software vulnerabilities in the health sector.
The new study builds on earlier research which raised concerns over security flaws in cardiac devices such as the implantable cardioverter defibrillator (ICD) and the pacemaker, with WhiteScope researchers easily able to obtain subsystems for the four major vendors through public auction sites such as eBay.
One particular concern is the use of third-party components, software that is sold by a company other than the original vendor. These components often have vulnerabilities that go unpatched.
The report notes that as home monitoring devices receive updates to their permanent software, or firmware, via the patient support network, “the potential exists to perform a man-in-the-middle attack and issue counterfeit firmware” to the devices.
A total of more than 8,000 vulnerabilities in third party components…