Cybersecurity experts conduct hacker test on medical devices
Cybersecurity experts tested the vulnerability of software and medical devices at a group of hospitals, and they found hacking into the healthcare system is a lot easier than expected, reports WUSA9.
In a study conducted by Independent Security Evaluators (ISE), cybersecurity experts tested the hackability of hospital software and medical devices in charge of keeping patients alive. Of the 12 hospitals surveyed "100 percent were found to have critical security vulnerabilities which, if exploited, could result in patient harm or fatality," said Ted Harrington, ISE executive partner.
Over the course of two years, ISE was able to hack into and control patient monitors and breathing tubes, trigger a false alarm prompting hospital staff to administer unnecessary treatment, and they were able to bypass the online authentication process so that a medical device may be "weaponized" against a targeted patient.
Harrington’s study gives advice on how to protect against these attacks, including restructuring the hospital for this new generation of technology, sanctioning off specific IT and IS (information security) departments so that hospital and patient safety is always a top concern, and funding digital safety for employees to lower the risk of catching malware.
"...[H]ealthcare is a complex, highly regulated industry, in which it is often difficult to adapt quickly to evolving conditions. For these reasons, we felt compelled to create, publish and give away the blueprint outlined in our research. This will help a healthcare organization of any size plan for and execute the long term process of improving its security posture," said Harrington.