Professional hackers from a security firm have recently proved they can, steal patient data, fake results and damage equipment, all of which can put the patients life at risk.
When you think about it, it’s not really hard to believe this is possible, cyber security experts have been warning about hospital equipment being hacked into before, as you will see in our article Pacemakers & Medical Implants are Susceptible To Mass Murder Attacks.
Yet This Serious Hacking Vulnerability Issue Continues
To Fall On Deaf Ears At Many Hospitals!
Many Developers Continue to put Profit Before Security
Most hospitals and medical clinics have sophisticated medical devices running on fully functional computers with an operating system, and have various applications installed on them.
To enable the Doctor to do his job, patient information is entered into these devices – devices that are usually connected to the internet. There goes the security of the information stored. The information is now available for an astute hacker.
As these sophisticated computerized systems are very expensive to maintain and/or replace, adequate security measures are often overlooked.
In a worst case scenario not only could a hacker steal the information to sell, they could kill a patient by…
- Changing the results on a health test – Could result in the patient being given the wrong treatment
- Deleting or changing the patients medical history – Could also result in the patient being given the wrong treatment
- Tampering with life saving devices hooked into the internet so they don’t work properly
- Confidential patient data could be stolen for extortion purposes
Expert Talks About How he Hacked the Hospital
Sergei Lozhkin an expert from Kaspersky Lab Global Research Analysis Team, did research into a private Medical Clinic’s systems (with prior consent from the clinic), to see how easy it would be to hack into, and disrupt the clinics computerized systems.
Alarmingly, it didn’t take Sergei long to hack into the clinics system, via the WI-FI system. He found the WI-FI system had not been configured properly, a problem that is quite common as developers often focus on making the device work to a high standard, and forget about the security side of things.
He was also able to find some of the clinics devices on the Shodan search engine, a search engine capable of locating where a device is when it’s connected to the internet.
From here, through many devices having default passwords that are easy to find in device manuals, it wasn’t hard to access the hospitals devices, and change any pre-set commands or information they stored.
As reported by the ibtimes: Earlier this year (2016) Los Angeles: Hackers demand $3m bitcoin ransom from hospital to unlock vital files: The Hollywood Presbyterian Medical Centre, located in the heart of LA, is now dealing with hackers who are reportedly demanding over 9000 bitcoins – which equates to roughly $3.6m – to release the encryption keys to computer systems that hold patient data, X-Ray scans, CT scans and crucial lab work. – see full article here
Article written by Wen Dee (May 2016)
Subscribe to Zip Zap Insights – Latest Articles