-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just to clarify some points from off-list messages:
I have no knowledge of ongoing or planned attacks. I was just searching for historic reports of any age. I wonder why powerplants, telephone systems, corporate IT systems are frequently affected by attacks, some just made for fun of causing damage, but there are nearly no reports on attacks on medical systems to cause damage, although these systems are quite widespread also. Possible answers might be (sorted by probability): * My guessing about the size of the attack surface of medical software is wrong. Is there any data available (statistical analysis, estimations), how big the attack surface of medical systems is compared to the surface of e.g. the power-grid system? * All hackers keep some sense of ethics, so that they feel it is OK to attack "technical" targets but find it inacceptable to attack the health of innocent people (if this is the main cause, terrorists might cause significant change in risk assessment of medical software and services) * There are reports, but I do not know about them (so I'm asking around) * Medical personal in hospitals with high grade of IT-system usage are so trained and skilled, so that they detect manipulation and no harm is done * Medical institutions do not talk about such incidents (here for example, they are closed systems, it took until now, that the government tries to keep records of accidents and prevented accidents) * Medical IT is so safe, that manipulation is not easy (Although data theft and mass virus intrusions seem to occur from time to time. And from what I have seen in clinics, it seems that the software is not always highly stable, which could indicate programming weaknesses.) * Government tries to suppress reports to avoid panic reaction (for many patients health and logic does not go together) or to inhibit terrorism in that area. Searching for myself, I found some information about one incident, which I might have heard of in the past: http://cyb3rcrim3.blogspot.com/2009/01/attempted-computer-murder.html When I heard the story back than it was about completed murder after administration of chemotherapeutics, where hackers altered the dosage just for fun. So it seems that this story back then was not reliable at all. - -- http://www.halfdog.net/ PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFMYaM9xFmThv7tq+4RAtCtAKCLt0lagrhYQZS/BNCdvYHHnkca1gCfZKpW gkwqTHhxDoZs6f+nWlXEKSI= =k5RG -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/