Hacking Medical Devices is easier than you think

By on April 25, 2014

If you only knew the extent to which hospital systems can be hacked you would be shocked.  The lack of healthcare security measures across several domains is surprisingly absent.

Scott Erven, who works as head of information security for Essentia Health, and his team were given access to a chain of Midwest healthcare facilities for a study on healthcare security that spanned two years.  It’s not only information systems that are vulnerable, but medical device security as well.  The FDA had warned about this last year.

For example Scott and his team found that drug infusion pumps used for morphine drips and chemotherapy could be remotely accessed to change dosages.   Another example they found blue-tooth enabled defibrillators could be manipulated to deliver random shocks and prevent shocks from happening.

Even equipment such as refrigeration for storing drugs and blood can have the temperature altered.  Their medical reports could also be access and records edited or changed to alter a patients diagnosis.  Erven’s team was also able to blue-screen critical equipment to make it reboot and wipe out configurations.

Altlough Erven didn’t identify specific brands or companies, he didn’t mention there were common issues across all vendors.  One of the main problems was lack of authentication methods and secure passwords.  Also once a device was discovered on a network, it was easy to access web based configuration interfaces and change the settings.

Not only were some of the smaller devices such as pumps and defibrillators accessible but also CT scanners.  They were able to log in to the CT and change the radiation dosage.

Another issue they discovered was with embedded web devices that can communicate directly with EMR systems.

Read the original article on Wired.com.




About dkorolyk

I've been involved in Healthcare IT and PACS since Y2k. Over the years I've been fortunate enough to be involved in a lot of interesting an diverse projects. My experience also includes numerous HL7/EMR integration projects as well as many hardware and software platforms. My three main areas of expertise include technical integration aspects of radiology, oncology and laboratory diagnostics.

You must be logged in to post a comment Login

Join 1000s of other Healthcare IT Professionals

Enter your email below to get the latest News on Healthcare IT, Training Events and Career Information

We hate SPAM too. Your email is safe with us.