February 25, 2016

"Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger."

The Register: In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings which could result in medical responses that injure or kill patients. by Darren Pauli

'They say other critical medical equipment could be accessed using the same attacks. The team examined 12 healthcare facilities, two data centres, a pair of live medical devices, and a couple of web applications open to deeply compromising remote attacks. The research, led by healthcare head Geoff Gentry, is documented in this paper Securing Hospitals [PDF].

'"On a disconnected network segment, our team demonstrated an authentication bypass attack to gain access to the patient monitor in question, and instructed it to perform a variety of disruptive tasks, such as sounding false alarms, displaying incorrect patient vitals, and disabling the alarm," the team says in the paper.

'"This attack would have been possible against all medical devices...likely preventing assistance and resulting in the death or serious injury of patients.'

No comments: