Researchers Scott Erven and Mark Callao revealed breaches in the security of thousands of medical systems at the recent Derbycon conference. Hospital equipment including MRI scans and defibrillators are vulnerable to attacks from hackers putting patients lives at risk.
Medical device internet security must be tightened
While there is always a need for conventional medical equipment, including hospital bed castors used in patient care, there is also an increasing use of hi tech internet linked machines for diagnostic, healing and investigative uses. With wily hackers always on the look out for ways to penetrate cyber security this poses a risk for patients and medical practitioners.
There are breaches in the security of thousands of medical systemsClick To Tweet
The internet of things
According to an article in the authoritative computer magazine The Register, Erven and Collao discovered weaknesses in 68,000 systems used by one large US healthcare organisation. The potential breaches were discovered by exploring the search engine Shodan. This particular search engine is designed to track down ‘internet connected devices, where they are located and who is using them.’
Once the researchers played about with search terms and targeted clinics and hospitals they realised that WiFi connected medical equipment is vulnerable to hackers and can be used to steal patient data and other information. Many of the hackers don’t even realise that they are penetrating hospital machinery; they just carry out attacks to show off and wreak havoc.
In order to combat this growing trend, Caroline Rivett, the director of cyber security at global service providers KPMG, has called for greater awareness to the threats posed by hackers to vulnerable patients. ‘Medical device manufacturers should be designing and building cyber security into medical devices,’ said Ms Rivett. It’s not simply a loss of data that’s at risk, hackers could be able to manipulate treatment plans and even cost people’s lives.
Medical device manufacturers should be designing and building #cybersecurity into medical devicesClick To Tweet
Keeping up with the growth of technology
Technology has brought huge beneficial changes to many people’s lives but the medical device manufacturers stand accused of being slow to develop security systems to match the excellence of their healthcare equipment. It’s far more complex to solve a problem in the internet of things than it is to create a patch to protect a smartphone or PC from hacker penetration. The chief security director at security firm Kaspersky, David Emm claims that, ‘medical device developers must talk to security organisations before rolling out vital equipment for public use.’
Hope for the future
Even though these security revelations are worrying, at least the problem as been revealed. It’s now up to medical device manufacturers to work in tandem with security experts to ensure that their devices are secure from hacking. Though, as hackers can invade the Pentagon and other high security establishments any equipment that uses WiFi connectivity is always at risk from potential attack.
It’s only if manufacturers and developers work at speed to repair any weaknesses in their systems that the public can have total confidence in the security of hospital internet medical devices.