Hacking: Penetration tests reveal that even blunt tools can crack medical devices

June 27, 2013 by Sony Salzman

Penetration tests conducted by cybersecurity firm SecureState further conclude that medical devices are vulnerable to fairly rudimentary hacking techniques, suggesting that the FDA’s recent efforts to boost security oversight don't go far enough.

Penetration tests reveal that even blunt tools in a hacker's toolbox can crack devices

A recent analysis of medical device cybersecurity tests shows that these devices are vulnerable to fairly straightforward hacking techniques, an increasingly serious concern as device security is directly tied to patient health and safety.

Cybersecurity firm SecureState conducted penetration tests on hospitals to reveal the top hacking vulnerabilities for medical devices such as IV pumps and X-ray machines, finding that medical devices are susceptible to fairly rudimentary hacks.

Sign up to get our free newsletters delivered straight to your inbox

The chart-topping threat was a "denial of service," a hacking technique that overloads a target with requests and causes the server to crash, suspending internet connection. Earlier this year a pair of security researchers used a denial-of-service hack to demonstrate that a Philips(NYSE:PHG) Xper hospital management system could be infiltrated and "owned" fairly easily.

Because medical devices are more delicate than computers, they are more susceptible to denial-of-service hacks, SecureState researchers said. These attacks could seriously harm patients if the devices are disabled for too long.