Medical devices at risk for malware

Sensitive medical equipment, such as MRI machines are susceptible to cyberattacks.

Sensitive medical equipment, such as MRI machines are susceptible to cyberattacks.

Technology advancements have been a great boon to medical providers. Sophisticated computer systems have led to many benefits in the healthcare industry, including the ability to accurately monitor patient vital signs, catalog medical records, and implant remotely-monitored defibrillators, insulin pumps and other electronic medical devices inside patients. The downside to all of this digital tech integration is its vulnerability to malware.For years, hospital networks have been targeted by cybercriminals looking to profit from their repositories of valuable patient information, but those same security breaches could put critical medical devices in jeopardy, as well.

At-risk operating systems
The same interoperability that has allowed medical practitioners to cultivate a connected system has put their network at risk for security breaches. Staff computers, laptops and personal tablets are all access points for malware to infiltrate a hospital’s network. Many medical facilities’ internal networks run on outdated versions of the Windows operating system, which lack access to the security updates of newer editions. The fear that software modifications may violate regulatory provisions further intensifies the issue, as organizations are reluctant if not unwilling to allow updates and risk hefty fines. MIT Technology Review examined this issue and found that in one Boston-area hospital, more than 600 medical devices could not have its antivirus software updated due to the possibility of conflicting with FDA regulations.

There are so many medical devices connected via the network, virtually all of them are at risk for infection. The proliferation of malware has been so expansive, hospitals do not even need to be individually targeted to come into contact with a virus or trojan horse. Given the precise nature of medical equipment any alterations could have devastating results. Diagnostic machinery, such as magnetic resonance imaging and compounders that handle intravenous drug and nutrition distribution are at risk for infection. Any disruption in a critical patient’s drug regimen could have life-threatening consequences. There has also been a reported instance of malware-infected fetal monitors operating at slower than normal levels.

Implanted devices’ vulnerability
The nature of medical device cybercrime is largely twofold: hackers either want sensitive information like patient records that can be used for profit or to gain access to a hospital’s large network of computers and ensnare them into a botnet capable of delivering large-scale cyberattacks. Most federal efforts to protect against medical cybercrime are launched with that assumption. However, some cybersecurity experts say another possibility needs to be considered. The General Accountability Office released a report in August 2012 highlighting the potential danger of cybercriminals targeting implanted medical devices. Affecting the functionality of a pacemaker or insulin pump doesn’t really offer any monetary benefit, but presents a significant risk to both hospitals and their patients.

With advancements in technology, these devices can now be monitored over a hospital’s wireless network. Physicians can even remotely make adjustments to an implanted defibrillator if they so choose. If a cybercriminal were able to access that network, he or she could alter that device, perhaps causing it to malfunction or shut down altogether.

Thankfully, there have been no reported cases of cybercriminals affecting the functionality of implanted medical devices. Nor has the spread of malware among hospital systems’ led to any patient casualties. However, medical facilities continue to be at risk and require a comprehensive, layered security system to keep hackers at bay. When the threatened medical devices in question have the capacity to affect a patient’s survival, their defense becomes a paramount concern.

Are you concerned about the threat of hospital cybercrime? What steps should be taken to protect medical devices from hackers? Tell us what you think in the comment section below!

 

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.