Home Explainers How Brainjacking Became a New Cybersecurity Risk in Health Care

How Brainjacking Became a New Cybersecurity Risk in Health Care

Threat actors leveraging the Brainjacking technique to obtain unauthorized access to neural implants deployed in a human brain.


In the present connected world, wireless IoT devices make human lives smarter and more vulnerable to security risks than ever. Almost every connected device can be hacked, from smart TVs to smart vehicles. In general, a cyberattack compromises the victim’s device and controls its operations. However, the most concerning issue for the health care sector is cyberattacks on implanted medical devices. Several cybersecurity experts stated that certain connected medical devices implanted in a human’s body or brain could be hijacked—they are calling this Brainjacking.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is Brainjacking? 

Brainjacking is a kind of cyberattack in which a hacker obtains unauthorized access to neural implants in a human body. Hacking surgically implanted devices in a human brain could allow an attacker to control the patient’s cognition and functions, potentially resulting in drastic consequences.

Brain implants also referred to as neural implants, are microchips that connect directly to a human’s brain to establish a brain-computer interface (BCI) in the brain that has become dysfunctional due to medical issues.

How Brain Implants are Hacked

The unauthorized control of brain implants was represented as science fiction in movies, but with advances in medical technology, it is now becoming a real threat. According to a research from the Oxford Functional Neurosurgery, medical implants become vulnerable to various cyberthreats.

The researchers stated that hackers leverage different mechanisms like Blind attacks to gain unauthorized access to an implant. A blind attack could cause severe damages to human implants, including cessation of stimulation, draining implant batteries, inducing tissue damage, information theft, impairment of motor function, alteration of impulse control, modification of emotions, and induction of pain, etc.

Also Read: 3 Common IoT Attacks that Compromise Security

Medical IoT Devices and Cybersecurity

Cyberattacks in the health care sector have become rampant recently. With multiple intrusions and attacks on connected medical devices, the health care providers continued to be the primary target for cybercriminals. In line with a research, around 83% of connected medical devices are at security risks for running on outdated software.

Earlier, the Food and Drug Administration (FDA) in the U.S. released a draft of premarket guidance for medical device cybersecurity. The draft comprises new recommendations for internet-connected medical device manufacturers on assessing cybersecurity in the review of medical devices to ensure protection against cyberthreats.

Will IoT Ever be 100% Secure?

The number of IoT devices is estimated to reach 83 billion by 2024, from 35 billion in 2020, which represents a growth of 130% over the next five years. With the growing cyberattacks on connected devices, IoT security has become a pressing issue to organizations globally.

Commenting on the same with CISO MAG, Chukwudum Chukwudebelu, CSO  and Co-Founder at Simius Technologies Inc., said, “The IoT technology will always improve, but it will never be 100% secure. As long as it is connected to the internet, there is always a risk. The best chance at cybersecurity is to reduce that risk. Since the internet was not built to be secure, rather, it was designed to be shared.  Industries are increasing the use of IoTs, and consumers are doing the same.

“In the next five years, many of these industries will become fully dependent on IoT devices. They will need to be secure to reduce risk, and the manufacturers of these devices, together with the cybersecurity companies and government, have to find a way to work together to deliver 100% secure IoT devices. By constantly keeping up with the threats and vulnerabilities while being on point to thwart or prevent an attack at a moment’s notice. There’s no such thing as the cyber police yet, but I am sure that it will become recognized and more prominent as a need with most law enforcement agencies.”

About the Author

Rudra Srinivas

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.