Hackers could take control of medical devices, McAfee warns

News
Garrett Sipple

Research published by cyber security company, McAfee, shows it is possible to modify real-time patient heart monitor data by hacking into a hospital network and gaining control of medical devices.

The report published by McAfee proves that hackers could easily alter patients' vital signs by emulating data sent from hacked medical equipment to a central monitoring system usually watched by healthcare professionals to track records of multiple patients.

For the purpose of this research McAfee specialists purchased comparable equipment used in healthcare, such as a patient monitor and ECG simulator, and linked them in a network mimicking standard configuration.

According to the report, the security protocol used in some of the most critical systems in hospitals is prone to cyber-attacks.

In the emulation they were able to take advantage of a weak communications protocol to send data from a heartbeat monitor to a central monitoring station.

Even more concerning is that McAfee researchers were able to modify the vital sign data in real-time, providing false information to medical personnel by switching the heartbeat records from 80 beats a second to zero within five seconds.

Cyber attacks aren’t the only issue when it comes to medical device security.

The survey conducted by Synopsys and Ponemon last spring, found that in 38% of cases of medical devices breach, inappropriate healthcare had been delivered to the patient – and that could be lethal.

[caption id="attachment_45898" align="alignleft" width="90"]Garrett Sipple, Synopsys Garrett Sipple[/caption]

Garrett Sipple, managing consultant at Synopsys, said: “This is another example of recognising the importance of security as it plays a role in maintaining the safety and effectiveness of medical devices.”

“Medical devices often move through long product development cycles that can make them slow to react to new cybersecurity threats, especially if cybersecurity wasn’t even a key consideration in the development process.”

With the recent wave of ransomware attacks on hospitals, and medical providers, it is clear that the healthcare sector is being targeted by cyber criminals, and should be looking into its cyber security levels.

Two weeks ago, we were reporting about millions of Mexican health records, which have been freely available on the Internet and hackers attacking the Singapore government’s health database.

Back in May this year, the NHS was targeted by ransomware, which rapidly paralysed parts of the service and exposed its IT security failings.

profile mask

Piotr Wnuk