General Discussion

LiberalArkie

(15,716 posts) Fri Apr 25, 2014, 09:25 AM Apr 2014

Why It’s Insanely Easy to Hack Hospital Equipment

http://www.wired.com/2014/04/hospital-equipment-vulnerable/

When Scott Erven was given free reign to roam through all of the medical equipment used at a large chain of Midwest health care facilities, he knew he would find security problems–but he wasn’t prepared for just how bad it would be.

In a study spanning two years, Erven and his team found drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients; Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.

Erven’s team also found that, in some cases, they could blue-screen devices and restart or reboot them to wipe out the configuration settings, allowing an attacker to take critical equipment down during emergencies or crash all of the testing equipment in a lab and reset the configuration to factory settings.

“Many hospitals are unaware of the high risk associated with these devices,” Erven says. “Even though research has been done to show the risks, health care organizations haven’t taken notice. They aren’t doing the testing they need to do and need to focus on assessing their risks.”

<snip>

http://www.wired.com/2014/04/hospital-equipment-vulnerable/

5 replies

= new reply since forum marked as read

Highlight:

Why It’s Insanely Easy to Hack Hospital Equipment (Original Post) LiberalArkie Apr 2014 OP

It's not really surprising that such devices aren't secure. MineralMan Apr 2014 #1

I think it was enough of a threat that Dick Cheny's pacemaker had its bluetooth turned off LiberalArkie Apr 2014 #2

Well, there's a specific threat there, of course. MineralMan Apr 2014 #3

What kind of sicko would one have to be to mess with hospital equipment? cbayer Apr 2014 #4

Why It’s Insanely Easy to Hack Hospital Equipment AllenSpangler Oct 2015 #5

MineralMan

(146,317 posts)

1. It's not really surprising that such devices aren't secure.

Reply to LiberalArkie (Original post)

Fri Apr 25, 2014, 10:32 AM

Apr 2014

I imagine that the level of threat for them is very small. That's not to say that they shouldn't utilize some sort of security to control access, but at what level? Password required? Well, that's a good idea, but it would be highly likely that the same password would be used at healthcare facilities for all equipment, since a variety of people would need access on a daily basis. So, that wouldn't be very secure, and wouldn't really be secure at all after a very short time.

The balance between accessibility and security is a difficult one, so the level of threat is part of the assessment.

Who would be likely to hack these devices? That's the question that is, or should be, asked. Convenience for the caregivers who must use these devices and on a frequent basis probably overrides the security concerns, I'd think.

LiberalArkie

(15,716 posts)

2. I think it was enough of a threat that Dick Cheny's pacemaker had its bluetooth turned off

Reply to MineralMan (Reply #1)

Fri Apr 25, 2014, 10:50 AM

Apr 2014

MineralMan

(146,317 posts)

3. Well, there's a specific threat there, of course.

Reply to LiberalArkie (Reply #2)

Fri Apr 25, 2014, 11:02 AM

Apr 2014

I don't think the threat is really measurable in normal circumstances, though. Apparently, that feature can be disabled, if necessary. Most of the devices mentioned in the OP were hospital devices, and are controlled by caregivers, as needed. I can see real issues with strong security in that situation. Some of those issues might cause delays in care that is needed, and the risk of some unauthorized person accessing the devices or even knowing that they can be accessed seems vanishingly small to me.

cbayer

(146,218 posts)

4. What kind of sicko would one have to be to mess with hospital equipment?

Reply to LiberalArkie (Original post)

Fri Apr 25, 2014, 11:08 AM

Apr 2014

I can understand the need to increase security for particular patients, but do hospitals really need another layer of bueracratic mess to ensure that they have high level security on all their devices.

Many hospitals are barely making it and the ones that treat the poorest and neediest in our country are the ones struggling the most.

The money they have needs to be spent on patient care, not issues like this.

And is there any evidence that this is a problem in real life? Are the people who are "revealing" all of this in the business of selling the fix?

AllenSpangler

(1 post)

5. Why It’s Insanely Easy to Hack Hospital Equipment

Reply to LiberalArkie (Original post)

Tue Oct 20, 2015, 05:32 AM

Oct 2015

Many experts say that generally hospitals are ignorant of the high risk linked with medical devices. Even though researchers usually warned about the risks, health care centers have not taken notice. The security experts knows that it's easy to hack some medical devices used in hospitals, thus security measures should be applied by the hospitals to avoid unauthorized access to such devices and encrypt all the data of patient.

Reply to this discussion