Think Showtime’s Homeland started to get a little wacky in season two? Think again.
Hackers are breaching hospitals in new and slightly horrifying ways to gain access to medical records. New research shows that cyber criminals have gained access to broader hospital networks by hacking connected medical devices such as X-ray machines and blood gas analyzers.
According to a new report from TrapX Security, hackers are targeting these connected devices to gain access to sensitive personal data, including patients’ electronic medical records. These devices are good targets because they are connected to the Internet but cannot be protected nearly as well as other network systems. Further, they are often managed by third-party providers instead of hospital IT staff.
Another recent investigation has found that hackers can manipulate pumps to send a fatal does of of drugs into a patient.
According to TrapX vice president Moshe Ben Simon, “TrapX Labs strongly recommends that hospital staff review and update their contracts with medical device suppliers. They must include very specific language about the detection, remediation and refurbishment of the medical devices sold to the hospitals that have been infected by malware. They must have a documented test process to determine if they are infected, and a documented standard process to remediate and rebuild them when malware and cyber attackers are using the devices.”