Short Bytes: When we visit a hospital, we put our complete trust in our doctor and the medical equipment that he/she uses. With advancement in technology, these equipment have become more complex and interconnected. Sadly, ensuring standard cybersecurity measures is not a top priority of the medical professionals. This fact was recently outlined by a Kaspersky security researcher who hacked a hospital while sitting in his car.
While giving a talk at the Security Analyst Summit 2016, Sergey Lozhkin, a security researcher for Kaspersky, told how he was able to hack a hospital while sitting in his car outside the building.
Talking about the risks associated with a hospital hack, we’ve got an endless list on our plate. A cybercriminal can alter the patients’ electronic health records and turn a healthy person into a sick one. Changing the settings of the medical equipment also brings along a scary scenario.
Well, it was just a test and the hospital management gave the permission to test the computer network. This experiment was started to highlight the security risks the unprotected medical equipment pose. He got the inspiration to do so when he stumbled upon such equipment online through Shodan.
After finding that many of those devices belonged to the local hospital, Sergey contacted the hospital administration and brought the issue to the hospital management’s attention.
During the process, he discovered that due to the basic firewalls, he was unable to access any equipment via remote connection. Next, he aimed to crack hospital’s network by sitting in his car near to the actual building. Fortunately, he was close enough to reach the building’s WiFi.
Then he managed to reach a tomographic scanner that allowed him to access the patient’s records. “There are two groups of people who need to be alarmed by this question, more specifically — the developers of medical equipment and the hospital management boards,” the Kaspersky team notes in a blog post.
It’s inevitable to avoid injuries and doctors — so we are bound to put our trust into the high-tech medical devices used in the hospitals. This experiment shows the appalling condition of the Internet-connected devices that are just accidents waiting to happen. It’s a responsibility of the hardware and software developers to ensure the security of these devices who are constantly talking to the Internet without following proper security protocols.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.