A team of researchers led by Scott Erven, manager of information security at Duluth, Minn.-based Essentia Health, found the health system's medical devices ranging from drug infusion pumps to X-ray machines to electronic medical records are easier to hack into than the system originally thought.
The results of the two-year study, presented Friday at Thotcon 2014 in Chicago, showed how easy it was for Mr. Ervan's team to break into these devices and alter, view or delete information.
"We had management backing to see what our risk exposure is across all healthcare systems," he told Wired magazine. "We tested every single device in our environment — various radiology stuff and MRIs, ultrasound and mammography systems, cardiology, oncology. We tested all of our lab systems, surgery robots, fetal monitoring, ventilators, anesthesia."
He soon discovered most of Essentia's devices were hackable, some quite easily. The vulnerabilities on the devices stemmed from weak user passwords, network interfaces that exposed vulnerable systems and unsecured administrative access, according to the report. Some of the issues are the responsibility of the vendors, some could be fixed by the provider organizations.
"Many hospitals are unaware of the high risk associated with these devices," Mr. Erven told Wired. "Even though research has been done to show the risks, healthcare organizations haven't taken notice. They aren't doing the testing they need to do and need to focus on assessing their risks."
Mr. Erven is not the first to raise the alarm on hospitals' cybersecurity. The Federal Bureau of Investigation recently issued a letter to providers explaining because their devices and cybersecurity systems lag behind other industries, they are more vulnerable to hacking and other threats.
More Articles on Cyberattacks:
15 Recent Healthcare Data Breaches
Boston Children's Hospital Experiences Repeated Cyberattacks
Healthcare Industry Vulnerable to Cyberattacks, FBI Warns