How Data Leaks Are Compromising Hospitals’ Medical Devices

In April, a team of researchers led by Scott Erven, manager of information security at Duluth, Minn.-based Essentia Health, announced study results that showed the health system’s medical devices — ranging from drug infusion pumps to X-ray machines to electronic medical records — are easier to hack into than the system originally thought.

At this week's Shakacon conference in Honolulu, Mr. Erven will present additional research findings showing medical devices often "leak" data to the Internet, which would make it easy for a hacker to find and target medical devices connected to the organization's network.

This leakage is often the result of a poorly configured network, according to Mr. Erven. "It goes to show that healthcare [organizations are] very sloppy in configuring their external edge networks and are not really taking security seriously," he told Wired.

Because hospital and health systems' networks are often connected to other networks, such as those of pharmacies, laboratories or even other providers, the problem often extends well beyond the original organization, according to the report.

"We started running organization searches to identify hospitals, clinics and other medical facilities, and we quickly realized this is a global healthcare organization issue," Mr. Erven said in the report. "This is thousands of organizations [that are leaking this information] across the world."

Mr. Erven attributes the issue to HIPAA — because healthcare organizations are so focused on avoiding fines and bad press, other security requirements, such as ensuring networks only broadcast medical device data internally, often fall by the wayside, according to the report.

More Articles on Data Security:

Data Breach Update: Montana HHS Notifying 1.3M Patients of Potential Breach
Unauthorized Employee Access Compromises Data of 97k Patients at NRAD Radiology
Medtronic Computer System Hacked Twice Last Year

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars