Are Medical Devices the Next Ransomware Target?


In today’s computer security centric world, most have heard of ransomware. Where a hacker essentially takes over your computer and demands a ransom from the owner to remove the user restriction. According to the FBI, the ransom fee is typically between $200 and $10,000 depending on the perceived value of the device under ransom. If you’re a casual or home computer user you may not even pay the ransom if you don’t have much value invested in your machine or have any important data stored on it. But what if your computer device wasn’t a computer?

Popular Science paints a scary scenario of pacemakers or insulin pumps being attacked in a ransomware hack, leaving people with perhaps little or no option but to pay. While there are no reported cases of this happening as yet, it’s a likely scenario given how late to the game medical device manufacturers are in keeping up with security needs. As the article states:

Unlike on a personal computer, individuals can’t put digital security measures in place to protect their biomedical devices. It’s up to the manufacturers of the device’s hardware and software to put the proper security protocols in place. Hopefully they can do so before ransomware becomes as big of an issue as predicted.

Many hospitals understand this threat and have placed stringent security standards in place for their suppliers, but are suppliers taking the appropriate action? Malware such as ransomware are well-known in the desktop environment but they may increasingly become a problem for medical devices; and since lives may literally be in the balance, these security flaws must be addressed.

Our enterprise-level solution, Cryptanium, has two main components that can help medical device manufactures introduce the security needed to prevent malware threats like ransomware. The first is Cryptanium Secure Key Box, a white box cryptographic library that implements standard cryptographic algorithms in a way that completely hides the keys. The second is Cryptanium Code Protection, a comprehensive tool for hardening software applications on multiple platforms. These two components work together to increase security protection against these types of malware threats.

The connected world we live in today goes beyond computers and mobile devices to automobiles, home appliances and medical devices; the security solutions that we rely on need to work harder to protect the people that rely on these devices.

Photo credit to Steven Fruitsmaak via Wikimedia Commons.