• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
    • Cardiovascular
    • Orthopedics
  • Wall Street Beat
    • Funding Roundup
    • Mergers & Acquisitions
  • Podcasts & Webinars
    • Podcasts
    • Webinars
  • Resources
    • About MassDevice
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech100 Index
    • Videos
    • Whitepapers
  • DeviceTalks Tuesdays
  • Coronavirus: Live updates
Home » Report: U.S. hospitals, medical devices rife with stealthy cybersecurity attacks

Report: U.S. hospitals, medical devices rife with stealthy cybersecurity attacks

February 26, 2014 By Arezu Sarvestani

U.S. hospitals, medical devices rife with stealthy cybersecurity attacks

Unsecured medical devices represent an increasing risk for hospitals, with radiology imaging systems in particular named as a prominent "attack surface" for digital attackers.

Cybersecurity researchers at Norse released their report on the "epidemic of compromises at healthcare organizations," flagging radiology equipment, patient monitoring systems, and Internet-facing surgical and anesthesia devices as especially vulnerable elements of hospitals’ networked systems.

"The data analyzed was alarming," Norse researchers wrote. "It not only confirmed how vulnerable the industry had become, it also revealed how far behind industry-related cybersecurity strategies and controls have fallen."

Surprisingly, the most vulnerable elements of a hospital’s network appeared to be the security systems themselves, with virtual private networks and firewalls named the "biggest culprits" for emitting malicious traffic. Radiology imaging systems were in 4th place, after contact call centers and before video conferencing systems. Other vulnerable points included everything from printers and fax machines to surveillance cameras that could all be hacked relatively easily and used to access the hospital’s network.

The researchers collected data for a period of 13 months, reporting a total of nearly 50,000 "malicious events" affecting 375 U.S. healthcare organizations and coming from 723 different IP addresses. Some organizations were compromised the entire time, meaning they never caught wind of the breaches, Norse said.

"Health care’s critical information assets are poorly protected and are often compromised," the report concluded. "Edge security and access systems, medical devices, video imaging systems and call centers have all been suborned in compromises that, in some cases, went on for the duration of the data collection period of 13 months."

Exacerbating the issue are regulatory concerns that prevent device makers from updating their systems when vulnerabilities are discovered. One such rampant vulnerability is the persistence of hard-coded device passwords that grant any user high-level access and that the hospitals themselves are powerless to remove. Those passwords can often be found with a simple internet search, Norse said.

Read more of MassDevice.com’s coverage of medical device cybersecurity and hacking.

Once those devices are infiltrated they can be maliciously manipulated to potentially harm patients or used to access the rest of the hospital system, including patient medical records and payment information. A report released earlier this month found that sensitive information from a trio of New York hospitals had been discovered on a hacker data-trading website, putting patient records at risk.

Patient medical records can reportedly earn $60 apiece on the black market, 3 times as much as credit card information, as criminals can use the information to commit more valuable Medicare and prescription drug fraud.

Hospitals and other healthcare stakeholders have grown increasingly concerned about the security of their Internet-connected systems, including machines such as infusion pumps and patient monitors that communicate over the hospital’s network, but getting manufacturers interested has been a struggle, according to some cybersecurity experts.

Researcher and expert medical device hacker Florian Grunow told an audience at the European DeepSec conference last year that medtech vendors simply aren’t interested in security until they’ve been hacked or experienced some other digital dilemma that forces their hands.

Not many device makers have spoken openly about their interest (or lack thereof) in digital defenses, but industry titan Medtronic (NYSE:MDT) has said on more than one occasion that  medtech cybersecurity is a "high priority" for the company. Medtronic later reiterated its commitment in a manifesto on cybersecurity, promising to keep a close eye on its devices and take action on any new vulnerabilities it discovers.

Filed Under: Hospital Care, News Well Tagged With: Cybersecurity

In case you missed it

  • KeyCare raises $24M for virtual care platform
  • FDA says 44 more deaths have been reported in Philips ventilator recall
  • Paragonix reaches milestone of 2,000 organs preserved, transported for transplantation
  • Axonics expands IP portfolio with new patents
  • BD, Accelerate Diagnostics partner on rapid antibiotic testing
  • FDA clears VySpine’s VyPlate anterior cervical plate system
  • Technical Brief – “Understanding the Extensive OEM Benefits of Total Linear Motion Solutions.”
  • Exactech launches total hip arthroplasty system
  • Lensar announces first patients treated with Ally adaptive cataract treatment
  • HeartBeam submits heart attack diagnostic platform for FDA 510(k) clearance
  • GE Healthcare leads AliveCor Series F funding for ECG tech
  • New FDA ruling may lower costs for over-the-counter hearing aids
  • Data supports Sight Sciences’ Omni surgical system for glaucoma
  • Integra founder Richard Caruso has died
  • Moximed raises $40M for implantable shock absorber for knee osteoarthritis
  • Philips names Roy Jakobs as CEO amid ventilator, CPAP recalls
  • Shareholder lawsuit over BD’s Alaris pumps recall moves forward

RSS From Medical Design & Outsourcing

  • What Laura Mauri learned from a ‘firestorm’ in her first months at Medtronic
    Dr. Laura Mauri faced a monumental moment with former Medtronic CEO Omar Ishrak shortly after she joined the company as VP of global clinical research and analytics. It was late 2018, and Mauri — who’s now an SVP and the chief scientific, medical and regulatory officer at Medtronic (NYSE: MDT) — was in a meeting… […]
  • Senators seek post-market FDA study of pulse oximeters and skin color
    Democratic U.S. senators are prodding the FDA to launch a post-market study of pulse oximeters due to unreliable performance for patients with dark skin. Pulse oximeters estimate blood oxygen levels (SpO2) and pulse rates in patients using infrared light — usually on a fingertip — at home or in clinical settings. Blood oxygenation is one… […]
  • TE Connectivity opens global medical device prototyping center in Ireland
    TE Connectivity (NYSE:TEL) today announced it opened its global Propelus Prototype Center for medical devices in Galway, Ireland. The $5 million rapid prototyping center was built into its existing manufacturing site in Galway and directly connects TE engineers with customers to reduce development time and increase speed to market for lifesaving and life-improving medical devices. Propelus… […]
  • Contract manufacturer Minnetronix Medical launches its first in-house product, MindsEye
    Minnetronix Medical has launched MindsEye, making it the first medical device that the contract developer and manufacturer has conceived and commercialized. St. Paul-based Minnetronix Medical’s MindsEye is the first expandable brain access port on the market. The FDA cleared the device under the 510(k) pathway in August 2020. The minimally invasive device gives neurosurgeons deep… […]
  • What’s next for Jennifer Fried after leaving Explorer Surgical?
    Explorer Surgical co-founder Jennifer Fried has resigned from the company after selling it to Global Healthcare Exchange in October. Fried announced her departure last week on LinkedIn, saying she’s preparing for her next professional chapter. “It’s bittersweet — I’m so proud of everything our team has built and accomplished,” Fried wrote. “The time has flown… […]
  • The 24 best medical device innovations of 2022
    The Galien Foundation recently announced its nominees of medical device innovations for its 2022 Prix Galien USA awards. There are 24 medical technologies nominated for the annual award this year, up from 18 nominees in 2021. The Galien Foundation’s annual Prix Galien awards highlight devices, biotechnology and pharmaceutical products designed to improve the human condition.… […]
  • FDA issues new COVID-19 testing guidance to avoid false negatives
    COVID-19 testing should be repeated following a negative result on any antigen test, the FDA said in a move that could increase demand for diagnostics manufacturers. The latest guidance from the federal health agency is for negative COVID-19 antigen test results regardless of the presence or absence of symptoms. The federal agency said recent studies… […]
  • Confluent Medical expands Costa Rica manufacturing footprint for nitinol, complex catheter production
    Confluent Medical Technologies this week announced the opening of its new addition to its Costa Rica manufacturing facility. The expansion adds 66,000 sq. ft to its large-scale manufacturing center of excellence in Alajuela, Costa Rica to expand Confluent’s capacity for nitinol component processing and complex catheter manufacturing. “Confluent has experienced consistent and strong growth in… […]
  • FDA’s breakthrough medical device designations tally nears 700
    Stewart Eisenhart, Emergo Group The US Food and Drug Administration has granted almost 700 designations over the past seven years under a voluntary program for expedited regulatory review of medical devices and combination products that facilitate more effective treatment or diagnosis of serious diseases. According to recent metrics published by FDA, the agency has issued a total of… […]
  • Lifecore Biomedical’s owner plans to go all-in on contract development and manufacturing
    Lifecore Biomedical parent company Landec Corp. (Nasdaq:LNDC) plans to take the subsidiary’s name, leadership and headquarters as its own and sell off food businesses to focus on contract development and manufacturing. Santa Maria, California-based Landec said it will rename itself as Lifecore Biomedical “in the near future” and change its Nasdaq ticker to LFCR. Landec… […]
  • COVID-19 immunity test developers at MIT seek diagnostic manufacturer
    MIT researchers have developed a device for predicting an individual’s COVID-19 immunity and are looking for a diagnostic company to get it manufactured in large numbers and approved by the FDA. The lateral flow test uses the same technology as at-home rapid antigen COVID-19 tests to measure neutralizing antibodies for SARS-CoV-2 in a blood sample,… […]

Leave a Reply

You must be logged in to post a comment.

Primary Sidebar

DeviceTalks Weekly

August 12, 2022
DTW – Medtronic’s Mauri brings years of patient care to top clinical, regulatory, scientific post
See More >

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
Need Medtech news in a minute?
We Deliver!

MassDevice Enewsletters get you caught up on all the mission critical news you need in med tech. Sign up today.

MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World
Medical Design Sourcing

DeviceTalks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our DeviceTalks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us
Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube

Copyright © 2022 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Advertise | Privacy Policy