Friday, 12 June 2015

New Report Highlights Vulnerability of Medical Devices to Malware and Hacking


A recent report warns that medical devices are the next potential target for hackers – a finding that will further compound the worries of security professionals. TrapX, a firm that offers software and services for cybersecurity, has conducted a survey to see how vulnerable connected devices are to hacking and malware. The report is titled ‘Anatomy of an Attack-Medical Device Hijack (MEDJACK)’ and it presents three case studies wherein hackers were able to remotely control medical devices and even set-up back doors that allowed them open access to data contained within the healthcare records and systems.

While many of these threats go undetected, they do represent a very serious problem that could compromise the health and safety of hundreds of patients in leading healthcare institutions. And, it’s not just sensitive information related to healthcare that’s stored in these systems – often, financial details relating to patients and healthcare organizations are contained in the secured systems. This makes the threat of hacking even bigger, says GM of TrapX, Carl Wright in statement.

He said that sensitive healthcare records, in the context of hacking, are the new “credit card”. Healthcare records are thus on the crosshairs of hackers involved in organized crime. Using malicious software, the cyber thieves can target leading global healthcare institutions.

Furthermore, the report also shows how healthcare institutions run are sometimes unaware of malware running on their internal and external networks. As their activities go undetected, hackers have enough time to surreptitiously break into critical data.

The case studies show how malicious activity was detected by TrapX’s software in medical devices such as blood gas analyzers, picture archive and communications (PACS) systems, and on the imaging systems of hospitals. 

As a recommendation to guard against such attacks TrapX says that medical institutions should review contracts signed with suppliers of medical devices and implement standards to prevent potential attacks.

No comments:

Post a Comment