Dissecting The Reasons Behind Medical Device Hacking

Founder and CEO of Alpine Security, a Cerberus Sentinel company, Bestselling Author of The Smartest Person in the Room, Ironman, metal fan.

Very few industries loom as large in the collective cybersecurity consciousness as the medical device industry does — and with good reason. But the reasons why hackers choose this industry are not always as clear-cut as they seem.

One of the most sinister scenes in the long-running U.S. spy drama “Homeland” was one that saw Vice President Walden of the United States murdered remotely via a security vulnerability in his pacemaker. While this storyline is clearly one that belongs on a high-octane TV drama, the reality is that this narrative is grounded in fact. Dick Cheney, George W. Bush’s real-life vice president from 2001 to 2009, was sufficiently scared of a similar event. He felt the threat so real that the wireless capabilities in his own pacemaker were disabled in order to prevent this method of assassination from becoming reality.

Personal medical tech is an attack vector that is at the distinctly sexier end of a much larger problem: cyberattacks against medical devices and medical environments. Often the reasons behind a medical hack are more mundane, albeit no less sinister. The main driving force behind cybercriminal activity is the theft of medical or personal data for financial or political gain. I’ll be using this piece to explore some of the reasons why hackers may choose to attack a healthcare environment.

The Theft Of Health Information

When you get to the bare bones of an issue, the cybercrime economy is one of theft, with cybercriminals acting as the internet’s burglars. This remains equally true in a medical context. In terms of PII (personally identifiable information), medical data, often referred to as PHI (protected health information), is among the most sensitive data that can be made public, and its use by cybercriminals for extortion purposes could be immense.

Imagine, for example, if sensitive data from a sexual health clinic or a rehab facility were made public: Individuals — particularly those in the public eye — would be desperate to keep these intimate details private,…