Scott Erven and Mark Collao, internet security experts, conducted a test to find out how easy it was to hack into medical devices, and presented their findings at the hacker conference Derbycon.
Here are five things to know:
1. Mr. Erven and Mr. Collao bought the smaller devices on eBay, extracted firmware and went to the manufacturers' websites.
2. For larger machines, they scoured the web using a search engine for Internet-connected devices called Shodan, which told them what their log-in page would look like and what to do next.
3. No matter the device model, the same default passwords were used repeatedly and in some case the manufacturer warned changing default passwords might void support because service technicians needed to know the passwords.
4. Mr. Erven cites two cases of patients in Austria who increased their morphine dosage by hacking into their own pumps.
5. In trying to bring awareness to this problem, the FDA will hold its second medical device security workshop on Jan. 20 and 21.