13.06.2015 10:58

“Oh no, not again,” sings Rod Stewart in his 1984 song “Infatuation.” That’s how I felt in reading an early version of a report on medical device hacking from TrapX Labs, a cybersecurity research team within security system maker TrapX, scheduled to be released on 15 June.

The report, “Anatomy of an Attack–Medical Device Hijack (MEDJACK),” describes in detail three situations in which hackers were able to get into supposedly secure hospital networks, collecting valuable information, by targeting medical devices.

Once into the devices, the hackers were able to roam at will through hospital networks. Their goal was the valuable health insurance information in patient records—this, TrapX stated, is worth 20 times the value of a credit card record on the black market. But had they wanted to, they could potentially have taken control of the devices themselves. Here are the three incidents detailed in the TrapX report:

• A hospital where researchers discovered that three blood gas analyzers in the laboratory contained backdoors into the hospital network, and records were being sent to an unknown location in Europe;
• A hospital where hackers infected a Picture Archive and Communications System (PACS) in the hospital radiology department and then, using the PACS system, were able to move through that network collecting information and sending it Guiyang, China;
• A hospital where hackers installed a back door in X-ray equipment. From the compromised system, hackers were able to move through that network extracting information.

How could this happen?

Read the entire article here - http://spectrum.ieee.org/view-from-the-valley/biomedical/devices/hackers-invade-hospital-networks-through-insecure-medical-equipment

spectrum.ieee.org