From “White Hat Hackers Hit 12 American Hospitals to Prove Patient Life ‘Extremely Vulnerable'”
Forbes (02/23/16) Fox-Brewster, Thomas
Patient health is “extremely vulnerable” to digital attacks, according to a two-year research project. The research by Independent Security Evaluators (ISE), involved attacking medical organizations in controlled settings. Had the attacks been carried out by malicious hackers, they would have ended in patient injury or death, the study found. The report found that hackers could “easily” compromise patient health, by either stealing their data or by compromising medical data. In one of the attacks, carried out with permission, the white hat hackers found a server accessible over the Web, attacked other connected systems to pivot around the network, and finally gained access to one of many vulnerable patient monitors. In an offline setting, the researchers instructed the machine to sound false alarms and forced it to display incorrect vitals. In another scenario, researchers discovered they could manipulate the flow of blood samples or drugs from within the complex’s lobby. In a real-world situation, this could lead to mismatched prescriptions or contaminated blood. “Every single thing we looked at had these critical security issues that had implications on patient health,” said Ted Harrington, executive partner of ISE. “We believe if we had unlimited resources and unlimited time, we would probably find ways to attack patient health in any arena of healthcare.” Researchers looked at the security of hospital across the United States; however, the firm is not currently disclosing the names of hospitals.