MASSDEVICE ON CALL — Sensitive information from 3 nursing homes has shown up on hacker data-trading website 4shared.com, putting those clinics and their patients’ medical records at risk, according to the Wall Street Journal.
The website shares information on various networks, including firewall passwords, internet addresses for specific devices and other data that cyber-criminals could use to target the network and gain access. The discovered documents included information on 3 New York nursing homes: the Bronx Center for Rehabilitation & Healthcare, the Glengariff Healthcare Center and the Campbell Hall Rehabilitation Center.
Cybersecurity experts told reporters that healthcare hacking is a growing problem and that medical records are worth about $60 each on the black market, 3 times as much as credit card information. Criminals can use stolen medical records to commit Medicare and prescription fraud, according to the report.
The nursing home breaches were associated with hacks of their SigmaCare software, a medical record system sold by eHealth Solutions, but hackers need not target such records directly. Vulnerabilities in MRI machines and dialysis systems may provide access to a hospital’s network and compromise private information.
Read more of MassDevice.com’s coverage of medical device cybersecurity and hacking.
Hospitals and other healthcare stakeholders have grown increasingly concerned about the security of their internet-connected systems, including machines such as infusion pumps and patient monitors that communicate over the hospital’s network, but getting manufacturers interested has been a struggle, according to some cybersecurity experts.
Researcher and expert medical device hacker Florian Grunow told an audience at the European DeepSec conference last year that medtech vendors simply aren’t interested in security until they’ve been hacked or experienced some other digital dilemma that forces their hands.
"Vendors have little interest to cooperate," according to Grunow, a security analyst for German IT security company ERNW. "What is interesting is that vendors that do had an issue [sic], like a patient has been harmed by an exploding patient monitor, something like that, then they are interested."
"The vendors have to go through the pain of losing something, or breaking something, to make them see that they have to invest in security," Grunow added, warning that the ramifications of medical device digital vulnerabilities are different from security holes in cars or banks. "We are not talking about critical infrastructure that could cost a lot; we are talking about critical infrastructure that could cost lives."
Not many device makers have spoken openly about their interest (or lack thereof) in digital defenses, but industry titan Medtronic (NYSE:MDT) has said on more than one occasion that medtech cybersecurity is a "high priority" for the company. Medtronic later reiterated its commitment in a manifesto on cybersecurity, promising to keep a close eye on its devices and take action on any new vulnerabilities it discovers.
Mobile blood clot prevention device meets drug therapy
Scripps Health researchers report that a mobile compression device was just as good as drug therapy in preventing blood clots that can form after joint replacement surgery, without the negative side effects associated with blood thinners.
Read more
3 medtech trends shaping next-gen technologies
From robot-assisted surgery to 3D printed organs and edible diagnostics, medical device innovators are revamping traditional systems, leveraging 3D printing’s potential and turning to robots to revamp established methods of treating patients.
Read more
Brain rehabilitation at home
Boston startup Constant Therapy is turning Boston University’s portfolio of brain testing research into iPad-based tests that can help brain trauma patients undergo rehabilitation at home and on the go.
Read more
