It’s bad enough to have to consider the threat of our mainstream data being hacked, but what if the threat was to successfully target and kill someone?
This is the finding of some students at the University of South Alabama who sought to hack a medical grade human simulation called iStan. Described as “the most advanced wireless patient simulator on the market, with internal robotics that mimic human cardiovascular, respiratory, and neurological systems,” iStan costs about $100,000 and is regularly used by hospitals to teach medical school students how to perform procedures without murdering people.
The medical target here might be someone with a pacemaker which are apparently quite susceptible to hacking. Director of Simulations at the university, Mike Jacobs commented: “The simulator had a pacemaker so we could speed the heart rate up, we could slow it down. If it had a defibrillator, which most do, we could have shocked it repeatedly. If it was the intent, we could definitely cause harm to the patient. It’s not just a pacemaker, we could do it with an insulin pump, a number of things that would cause life-threatening injuries or death.”
The students were able to access iStan’s functions within a few hours and the technology was found to be vulnerable to denial of service attacks, brute force attacks, and security control attacks.
This exercise published in ‘arXiv’ was aimed at increasing awareness of the vulnerabilities of patients for the students and will reinforce the use of alternate or traditional techniques that do not rely on technology. Nonetheless, it was lucky it was just iStan. Whilst Jacobs advises it would be possible to encrypt wirelessly transmitted data sent between medical devices, it does mark a dark and cynical moment to consider this kind of threat being targeted at a senior business figure say in a FTSE 500 company with a discovered medical condition. Reminder to self: “Arrange BUPA check up and call in those connections at MIT”.