Healthcare is one of them most heavily targeted when it comes to cyberattacks. The only other industry that is targeted as much more than healthcare is typically financial institutions and government agencies (no surprise there). One of the main ways that healthcare companies are targeted is through the interconnected devices that exist in the building. If you think of a hospital room, you can imagine all of the different devices used to monitor the patient, collect information on them, administer drugs and so on. There is a high level of integration of these devices and this means that if any one device is compromised it can spread throughout the network quite easily.
What’s the risk?
There are approximately 10-15 connected devices per hospital bed in the United States. Each of these represents a potential entry point for a hacker. Not only does this pose a risk to the hospital itself, but also patients. The increased use of pacemakers for example, means that not only can harm be done to the company but also individual patients. This is only 1 of the medical devices that hackers may target but there are many devices that pose a big risk if they are hacked. Here’s five of the most dangerous medical devices that a hacker could compromise:
As mentioned previously pacemakers are incredibly dangerous because of their ability to be fatal if affected severely. Over 465,000 pacemakers have been recalled from Abbotts by the US Food and Drug administration due to a vulnerability that would allow hackers to remotely disable the device.
Drug Infusion Pumps
In September 2017, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) identified problems with a number of syringe infusion pumps in U.S hospitals. A total of eight security vulnerabilities were found in the Medfusion 4000 Wireless Syringe Infusion Pump. These vulnerabilities allowed several different types of attacks including buffer overflows, hardcoded usernames and passwords that allowed for an automatic connection and MiTM attacks.
In May 2017 it’s suspected that North Korea stole a NSA hacking tool and used it to infect medical devices at U.S hospitals. It’s estimated that they were able to infect as many as 200,000 windows machines in hospitals and medical centers.
Heart Rate Monitors
The university of Washington discovered a security vulnerability in heart rate monitors that would allow for anyone with basic equipment to make the device deliver a big enough shock to induce ventricular fibrillation and a potentially lethal arrhythmia.
This is probably the most obvious example but a hospital’s network is necessary for the hospital to function effectively and supports hundreds if not thousands of devices. If an attacker is able to compromise this network with a ransomware attack or something similar then this could cripple the hospitals and affect thousands of people at once time.