Fears of hackers targeting hospitals, medical devices

'Nightline' was on-site for the first-ever hospital cyber attack simulation designed to help doctors prepare for what cybersecurity experts say is a very real threat.
8:58 | 06/29/17

Transcript for Fears of hackers targeting hospitals, medical devices
With a computer virus called Petya paralyzing computers around the planet, tonight we're going to look at what security experts say is a massive point of vulnerability for America, our hospitals. As well as the medical devices implanted in many of our bodies. A recent congressional report says the security of our health care systems is in, quote, critical condition. Tonight what two doctors slash hackers are doing about it. Thousands of computers around the world frozen. You can't read any e-mails. You can't read any files. Basically, your computer becomes a brick. Reporter: An ominous message taking over their screens. "Your files are no longer accessible. Send $300 worth of Bitcoin." Sometimes if you pay you get your data back. Sometimes they just take your money and move on. Reporter: The global ransomware virus known by some as Petya that first took out computer systems in Ukraine has now spread to the U.S. Among those hit, computers in a hospital near Pittsburgh. She called me and said surgery was canceled because the computers were down. Reporter: This after just last month a worldwide cyberattack by a ransomware virus called WannaCry shut down 65 hospitals in the UK. The virus reportedly affecting not just computers but storage refrigerators and even MRI machines. This photo given to a reporter from "Forbes" reportedly showing a Bayer MRI hacked by ransomware. The company said it put out a patch for the devices. And last January Hollywood Presbyterian hospital in Los Angeles paid out $17,000 after hackers took control of its computers. It was just odd to be at the hospital because all the signs said do not use the computers. I'm like, what's going on? And they said, well, we got hacked. Reporter: Cybersecurity experts now say this problem is getting worse. With hospital computers and medical devices becoming potential targets for hackers. We went from being prone and prey with no predators to the number one targeted industry last year in less than one year.
So our relative obscurity is over. This pacemaker can be wirelessly accessed with that number. Reporter: It seems like something conjured straight out of our Hollywood nightmares. Remember that iconic scene from the second season of "Homeland"? Call a doctor. I don't think so. That TV fiction, researchers say, could now become fact. I'm killing you. Reporter: The potential threat was concerning enough that some years ago former vice president Dick Cheney had the wireless capability on his pacemaker turned off. Have you ever had a high heart rate before? We need to intubate. Reporter: To combat this problem doctors, security experts, and government employees recently converged upon the University of Arizona in Phoenix to witness the first ever simulated hack of a hospital. The event was organized by Jeff Tully and Christian Dameff, both doctors here. They're also both self-proclaimed hackers. When you say a hacker, everyone instantly thinks about darkly lit rooms, hooded characters that are variously typing and hacking the Pentagon. There's a lot of great hackers out there. They do good. When they find vulnerabilities in systems, they fix them. What here is vulnerable to hacking? Everything that's plugged in. Why are devices like pacemakers and ventilators connected to the internet at all? Because there's incredible functionality that can be used to the benefit of our patients. Pacemakers can be connected to things that monitor the rhythms and send them to doctors. These things can be good for patients and we don't want people turning away from the potential this has. Do you have any idea what you're in for? I don't. They've been very secretive with us. These doctors who have agreed to participate in the operation have no idea what's going to come in the door. Chest pain. He's losing consciousness. I can't feel a pulse. You don't have a pulse. Let's start CPR. Reporter: They do not know what everyone around them in this simulation knows.
Do you have a cardiologist on the phone yet? Reporter: Three critical patients and the culprit, a massive cyber hack. The entire insulin dose. The whole thing went in. That was a calcium channel blocker overdose. Let's get ready to shock. So you had no idea that it was a hack? I knew there was a problem with the ICD, but I had no idea it was hacked. Reporter: Looking on is Dr. Marie Moe, a security researcher from Norway. She and her team of white hat researchers have figured out how to hack a pacemaker just like that scene from "Homeland." That famous scene from "Homeland" where a pacemaker's hacked, is that realistic to you? It actually is a bit realistic. It's not that far-fetched. Reporter: Which is scary for Marie because the pacemaker in her body is keeping her alive. In essence, are you saying that you hacked your own pacemaker? In a way I'm hacking my own heart. But the reason I do this is to prove that the security is not implemented well enough. Reporter: She buys pacemakers like this one for $500 on eBay so she and her team can hack them. It's not just pacemakers that are susceptible. Researchers say any device that can be plugged in is at risk. And white hat hackers, you know, the good guys, say they can prove this. Watch this insulin pump. It just delivered an authorized dose of insulin. Now watch your screen on the left here. That code is a security researcher hacking into the device, causing it to deliver a second unauthorized dose. The researcher says the bug has since been patched. In San Francisco Billy Rios takes apart and hacks different medical devices such as pacemakers and insulin pumps in his own home. This device here is an infusion pump. This pump is going to control the rate of medicine or drugs that's going to be administered to a patient. Reporter: With an internet connection and a program he developed Billy is going to hack into this bedside infusion pump. These pumps have a firewall that's there.
But it's very easy to turn off. And then once the firewall's turned off we're actually going to connect to the pump itself and send a command. If this were connected to a patient it would send all the drugs to the patient. We're connected to the pump network over Wi-Fi. So you could be 1,000 miles away. You could be at a Starbucks, or you could be in a hotel or you could be in another country. It's almost as if the pump has a life of its own. Why is it so easy to hack health care? Health care's often running on very old unsupported systems like Windows XP that they don't even get patches anymore. Hospitals tend not to invest in qualified security personnel. About 85% or more of the hospitals don't have a single qualified security person on staff. When a medical device is expected to live in the field for 30 years, the underlying software components are only expected to live, you know, in some cases two years to ten years. So there's a big mismatch there that we have to rectify. Reporter: AdvaMed tells ABC News in part, "The medical technology industry's chief priority is patient safety and medical device manufacturers take seriously the need to continuously assess the security of their devices in a world where the risks, no matter how remote, evolve." And the FDA, which regulates medical devices, told us cybersecurity risks are constantly evolving and the FDA has been working diligently to address medical device cybersecurity in all phases of a product's life cycle. Open the chest up. Reporter: Back at the simulation these doctors are frantically working to keep their mock patients alive. This has gone from worrisome to official really quickly. Reporter: Everything that could go wrong does. A patient with a pacemaker. It's been hacked. We're making first incision. Yeah, I feel the ICD. That's the date of activity right now. Reporter: All of the pretend patients in this simulation, even the surgical dummies, lived. Thanks to these doctors.
And while there aren't any known cases of illicit hackers manipulating somebody's pacemaker, Jeff and Christian are taking no chances. Do you guys ever look at each other and think it's not bad for a couple of hackers who've gone on to perhaps save a bunch of lives here. We're just happy we're not in jail. Thank you, doctor. Good job. Appreciate it. Thank you. Thank you. They're going to want to go talk to you. No. I love you but no. Maybe next time, Jeff. Okay. Reporter: Although if these hacker doctors succeed perhaps there won't have to be a next

This transcript has been automatically generated and may not be 100% accurate.
