It’s Insanely Easy to Hack Hospital Equipment, by Kim Zetter
Now is the time for IT healthcare professionals to have security related discussions with their Admin teams regarding hospital equipment that have web administration features and are networked. According to the article in the link below, hackable items include: drug infusion pumps, Bluetooth enabled defibrillators, X-rays, refrigerators, surgery robots, and digital medical records.
Common security holes like lack of authentication to access or manipulate the equipment, built in default passwords, hardcoded passwords, built in weak passwords, embedded web servers, and interfaces. Embedded web services provided a high security risk because they can be used to feed digital data directly to the patient records or they could be used to access the patient records for identity theft. This group of hired hackers, found out that there were very few equipment brands that were firewalled from the rest of the network in a hospital and provided easy access.
Increasing your Admin Team’s awareness of the risk, pushing back on the vendors to remove default passwords and add firewall security, and having technology professionals involved in any network or wireless related Internet of Things purchases for hospitals is the key to mitigating risks to patients and hospitals.