Hackers with little technical knowledge of healthcare devices can now easily break into medical gadgets, thanks to the increasingly poor security built into these systems.
A security researcher with Kaspersky Lab successfully broke into the network of a hospital in Moscow, Russia, and discovered a wide array of security loopholes that point to poor security practices among the manufacturers of medical devices.
Securing medical devices is a critical step in the development of these products, as it touches on sensitive matters such as the health and privacy of patients. But the recent findings at Kaspersky Lab show that the makers of these products do not seem to take the security and privacy of patients seriously.
Clearly, one does not need an expert background in healthcare: the Kaspersky Lab researcher admitted to having no background knowledge of medical devices, yet was able to hack the systems at the Moscow hospital.
This highlights the fact that software engineers fail to take information security into consideration when developing these products. And it should scare us. Imagine having your medical data exposed to hackers who can even take control of the medical device that supports the life of an ailing person.
Regulators are now paying increasing attention to the oversight of medical device security in order to address privacy concerns as stipulated in federal laws. Indeed, health care security is currently a trending topic in the regulatory landscape of the United States.
When a medical device is compromised, it is not only patient information that is at risk. Hackers can also gain access to critical devices such as MRI machines and even management tools, and compromising these could have detrimental consequences.
At the core of the problem is that the traditional software built into these devices has inherent vulnerabilities, which are aggravated when the devices are connected to the internet and become accessible via remote servers.
Thousands of hospital devices are now listed on the Shodan search engine. These hospital devices include MRI and radiology systems. And we know that Shodan does not respect the privacy of individuals, and anyone who has access to it can view personal details of people from all walks of life.
The security researcher even found a log-in portal for a CT scan machine at a Moscow hospital. What all this shows is the low maturity of security in medical software tools.