Hackers Penetrate Top Medical Device Makers

An anonymous reader writes "Hackers have penetrated the computer networks of the country's top medical device makers, The Chronicle has learned. The attacks struck Medtronic, the world's largest medical device maker, Boston Scientific and St. Jude Medical sometime during the first half of 2013 and might have lasted as long as several months, according to a source close to the companies."

Take what they can get

[cold fjord]

I imagine they'll take what they can get: IP, personal data, or just more computers to control.

If it really is China as suggested in the article that could make sense. China's population is going to be aging, and medical devices would be handy for either internal use or for another technology to develop and market.

This is interesting (FTA): "The medical device makers were not aware of the intrusions until federal authorities contacted them, and they have formed task forces to investigate the breach, he said."

Who do you suppose noticed the breaches, and how?

New Level of Ransomware

[Akratist]

Someone probably already wrote a sci-fi story along these lines, but I can easily see someone with an artificial heart, pacemaker, or some other medical device getting a phone call threatening to shut their thing off unless they make an extortion payment. While I think most of these are air gapped at the moment, it's inevitable that they will become more interconnected, especially as a means of delivering diagnostic information (aka "heartbeats", heh), at which point it will be possible to run exploits against them. Even if a person's devices aren't experiencing a legit attack, I can also see plenty of people being scared into coughing up dough because they won't know any better.