A security researcher revealed a hack on a single IV pump or a digital smart pen could blossom into a full-fledged breach exposing a healthcare organizations' patient records, according to Dark Reading.
Spirent SecurityLabs managing consultant Saurabh Harit will present his findings on flaws in IV infusion pumps and digital smart pens at Black Hat Europe this week.
Mr. Harit has already notified the affected vendors, whose names and devices remain secret, of the vulnerabilities. He added that the vulnerabilities have also already been patched.
Attacking the devices was easy, according to Mr. Harit, beckoning hospitals to improve cybersecurity efforts. He added the most surprising finding was the amount of patient data stored within a digital pen, which physicians use to prescribe medications and digitally transmit information to pharmacies.
"By far the most surprising thing we came across in our research was the amount of patient information that was available with the digital smart pen," Mr. Harit said. "We felt even if we breached it, we would not get a lot of information off of it because the healthcare organization said they did not store patient information on the device."
His work demonstrates that an attack on an internet of things connected device could compromise other hospital operations, including patient medical records.