Are you secure? PACS, MRIs and other medical devices at risk of being hacked, says security experts
Michael Walter | September 29, 2015 | Radiology Business | PACS

If you think your patients and patient information are secure from hackers, you may want to stop and take a closer look.

According to a presentation made by two security researchers at DerbyCon 5.0 in Louisville, Ky., many healthcare provider computer systems and medical devices in the U.S. are vulnerable to hackers.

Scott Erven, associate director of the global consulting firm Protiviti, and Mark Collao, security consultant for security company Neohapsis, investigated the types of information hackers could potentially have at their disposal and what they could do with that information.

Using the search engine Shodan, which finds computers based on software, operating software or other specific details, Erven and Collao found access to tens of thousands of hospital computer systems and medical devices. This included a “very large U.S. healthcare system” with more than 12,000 employees and more than 3,000 physicians. The system included 97 MRI systems, 323 PACS Systems, and hundreds of other devices.

Erven explained that most modern medical devices have three primary vulnerabilities: weak default administrative credentials, known software vulnerabilities, and the transmission of unencrypted data.

Collao briefly put on his “bad guy hat” and explained that hackers could take advantage of these vulnerabilities and learn a lot about a healthcare provider, including employee names and the exact office building and floor number where the equipment is located.

Even if a hacker doesn’t plan on “doing” anything with that access, Erven emphasized that it is still a serious issue for that potential to exist.  

“It’s important to note that malicious intent is not a prerequisite for an adverse patient safety event,” Erven said.

Erven then said that sometimes it’s not even “attackers” who are hacking into devices. He shared the story of patients who were hooked up to an infusion pump while recovering from gunshot wounds. They felt they weren’t receiving enough medication. so they hacked into the device increased their own medication doses, and suffered serious overdose-like side effects as a result.

The Register initially reported on Erven and Collao’s presentation, going into more detail about  the technical side of this dilemma.

Also, Erven and Collao’s full presentation is currently available on YouTube

Michael Walter
Michael Walter, Managing Editor

Michael has more than 16 years of experience as a professional writer and editor. He has written at length about cardiology, radiology, artificial intelligence and other key healthcare topics.

Related Content

Hospital system data sharing initiative leads to 80% of patients accessing their imaging records
Radiology AI developer Deepc acquires Osimis image management platform
Sectra 'Best in KLAS' among PACS vendors; Agfa, 3M, Fujifilm and Nuance also make imaging list
Best in KLAS 2024 rankings released, showcasing medical imaging IT systems
Optimizing reading efficiency to address radiologist shortages
Radiology embracing the flexibility of imaging data stored off-site in the cloud

Design by Adaptive Theme
Trimed Popup
Trimed Popup