Furthermore, a group of students with no networking or IT expertise used Istan, an embedded system in a pacemaker to test the possibility of taking control of the device. By using brute force attack on the networking connected to the devices, they were able to find vulnerabilities in a router. These vulnerabilities could be used to access the pacemaker and hence tampering with functionality (Fahey, n.d).
Donahue and Rahman (2015), explained that the main reason why medical devices are vulnerable to hackers is that, no match effort has been put in place to provide strong security mechanisms for healthcare IT infrastructure. Unlike in banks and other financial institutions where security for data is their prime concern, healthcare facilities have been ignored as they are deemed to contain basic information that is unworthy to the malicious individuals. However, medical records are tremendously valuable to hackers (Sulleyman, 2017). According to Wright (2015), cyber-attackers are being paid between 1$ to2$ when sold on the dark web.
The defense mechanism found in many healthcare facilities are no longer effective to prevent today’s changing attack vectors. Furthermore, unlike enterprise devices and mobile phones that receive security updates regularly, medical devices do not receive regular updates because the change to software could mean recertification by healthcare regulators focusing on ease of use, reliability and user safety (Hamlyn-Harris, 2017). This means that regulators only focus on user safety and not protection against cyber-security attacks. Additionally, most embedded medical services do not have enough memory, battery life or processing power to compute cryptographic values that can be used to encrypt data in transit and storage (Hamlyn-Harris, 2017). As such, hackers will find it easy to take control of these devices and steal personal information.