Thousands of medical devices are vulnerable to hackers

October 3, 2015  18:38

Even the medical sphere is not safe from attackers as new research reveals that important medical machines such as those meant for MRI, x-ray scanners and drug infusion pumps are also susceptible to hacking.

Per a research conducted by Scott Erven and Mark Collao - security researchers - nearly 68,000 medical systems belonging to a major health group in the U.S. have been deemed vulnerable to attacks.

Collao and Erven shared their findings at a hacker conference in DerbyCon, divulging that hackers could attack medical systems from a "large, unnamed U.S. health group" as they were accessible online.

Using Shodan, a search engine that ekes out Internet-connected devices, the researchers managed to gain access to the interfaces belonging to several medical devices. Through smart searches, using terms such as "podiatry" and "radiology," the research team located the devices and created an in-depth picture of those being deployed by the health organization in question. The details included the location of the medical device in a specific building.

Moreover, the data of a device is not the only thing which is vulnerable to hackings, but "direct attack vectors" that the team identified could be deployed by attackers to rob a patient's data from the medical device.

With more and more medical equipment becoming connected to the Internet to aid the electronic recording of data, the risk of privacy and safety being compromised becomes greater. A hacker looking to wreak havoc can potentially alter the medical record of a patient, as well as their treatment process plans. This could turn into a significant health risk.

"As these devices start to become connected, not only can your data gets stolen but there are potential adverse safety issues," notes Erven.

The researchers also ran a software which posed to be an MRI machine. This was meant to be a honey trap for hackers. During this six-month period, the research team noticed several attempts were made to log-in to the device. Alarmingly, 299 attempts to install malware were made. This indicates that the same pattern may exist in hospitals worldwide.

This is not the first instance questions pertaining to the security of medical equipment that are connected to the Internet have been raised. Per Munro, "Medical devices should not be available on the public internet. They should be behind multiple layers of protection."

Follow NEWS.am Medicine on Facebook and Twitter


 
  • Video
 
 
  • Event calendar
 
 
  • Archive
 
  • Most read
 
  • Find us on Facebook
 
  • Poll
Are you aware that in 2027 medical insurance will become mandatory for all Armenian citizens?
I’m aware, and I'm in favor
I’m not aware, and I'm against
I'm aware, but I'm still undecided
I'm not aware, but in principle I'm in favor
I'm not aware, but in principle I'm against
It doesn't matter to me