Thousands of medical devices at risk of being hacked

According to two security researchers, thousands of critical medical systems – such as MRI scanners, X-ray machines and drug infusion pumps – are at risk of being hacked.

According to PCWorld, the researchers revealed these risks are partly down to the fact that medical equipment is increasingly connected to the internet so that “data can be fed into electronic patient record systems”.


DerbyCon conference

Scott Erven and Mark Collao revealed that around 68,000 medical systems from a “large unnamed US health group” have been exposed.

Speaking at the security conference DerbyCon, the pair also announced that they had created fake medical devices, which attracted thousands of hackers.

According to the BBC, interfaces connected to medical systems were available through the search engine Shodan.

Erven and Collao used the search engine to locate exposed software from a number of health treatment providers as well as a big healthcare organisation.

They said that hospitals whose “networking equipment and administrative computers were exposed online” were in danger of attacks, as well as the exposure of patient data.

They added that this information could enable hackers to collate information on health organisations; for example, the location of medical devices.


Fake devices

For half a year, the two researchers created fake MRI and defibrillator machines – in the form of software that imitated the real machines – as a test to see whether it would appeal to hackers.

The fake devices witnessed thousands of login attempts, as well as attempts to download malware.

Related reading