• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
  • Technologies
    • Artificial Intelligence (AI)
    • Cardiovascular
    • Orthopedics
    • Neurological
    • Diabetes
    • Surgical Robotics
  • Business & Finance
    • Wall Street Beat
    • Earnings Reports
    • Funding Roundup
    • Mergers & Acquisitions
    • Initial Public Offering (IPO)
    • Legal News
    • Personnel Moves
    • Medtech 100 Stock Index
  • Regulatory & Compliance
    • Food & Drug Administration (FDA)
    • Recalls
    • 510(k)
    • Pre-Market Approval (PMA)
    • MDSAP
    • Clinical Trials
  • Special Content
    • Special Reports
    • In-Depth Coverage
    • DeviceTalks
  • Podcasts
    • MassDevice Fast Five
    • DeviceTalks Weekly
    • OEM Talks
      • AbbottTalks
      • Boston ScientificTalks
      • DeviceTalks AI
      • IntuitiveTalks
      • MedtechWOMEN Talks
      • MedtronicTalks
      • Neuro Innovation Talks
      • Ortho Innovation Talks
      • Structural Heart Talks
      • StrykerTalks
  • Resources
    • About MassDevice
    • DeviceTalks
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech100 Index
    • Videos
    • Webinars
    • Whitepapers
    • Voices
Home » Report: U.S. hospitals, medical devices rife with stealthy cybersecurity attacks

Report: U.S. hospitals, medical devices rife with stealthy cybersecurity attacks

February 26, 2014 By Arezu Sarvestani

U.S. hospitals, medical devices rife with stealthy cybersecurity attacks

Unsecured medical devices represent an increasing risk for hospitals, with radiology imaging systems in particular named as a prominent "attack surface" for digital attackers.

Cybersecurity researchers at Norse released their report on the "epidemic of compromises at healthcare organizations," flagging radiology equipment, patient monitoring systems, and Internet-facing surgical and anesthesia devices as especially vulnerable elements of hospitals’ networked systems.

"The data analyzed was alarming," Norse researchers wrote. "It not only confirmed how vulnerable the industry had become, it also revealed how far behind industry-related cybersecurity strategies and controls have fallen."

Surprisingly, the most vulnerable elements of a hospital’s network appeared to be the security systems themselves, with virtual private networks and firewalls named the "biggest culprits" for emitting malicious traffic. Radiology imaging systems were in 4th place, after contact call centers and before video conferencing systems. Other vulnerable points included everything from printers and fax machines to surveillance cameras that could all be hacked relatively easily and used to access the hospital’s network.

The researchers collected data for a period of 13 months, reporting a total of nearly 50,000 "malicious events" affecting 375 U.S. healthcare organizations and coming from 723 different IP addresses. Some organizations were compromised the entire time, meaning they never caught wind of the breaches, Norse said.

"Health care’s critical information assets are poorly protected and are often compromised," the report concluded. "Edge security and access systems, medical devices, video imaging systems and call centers have all been suborned in compromises that, in some cases, went on for the duration of the data collection period of 13 months."

Exacerbating the issue are regulatory concerns that prevent device makers from updating their systems when vulnerabilities are discovered. One such rampant vulnerability is the persistence of hard-coded device passwords that grant any user high-level access and that the hospitals themselves are powerless to remove. Those passwords can often be found with a simple internet search, Norse said.

Read more of MassDevice.com’s coverage of medical device cybersecurity and hacking.

Once those devices are infiltrated they can be maliciously manipulated to potentially harm patients or used to access the rest of the hospital system, including patient medical records and payment information. A report released earlier this month found that sensitive information from a trio of New York hospitals had been discovered on a hacker data-trading website, putting patient records at risk.

Patient medical records can reportedly earn $60 apiece on the black market, 3 times as much as credit card information, as criminals can use the information to commit more valuable Medicare and prescription drug fraud.

Hospitals and other healthcare stakeholders have grown increasingly concerned about the security of their Internet-connected systems, including machines such as infusion pumps and patient monitors that communicate over the hospital’s network, but getting manufacturers interested has been a struggle, according to some cybersecurity experts.

Researcher and expert medical device hacker Florian Grunow told an audience at the European DeepSec conference last year that medtech vendors simply aren’t interested in security until they’ve been hacked or experienced some other digital dilemma that forces their hands.

Not many device makers have spoken openly about their interest (or lack thereof) in digital defenses, but industry titan Medtronic (NYSE:MDT) has said on more than one occasion that  medtech cybersecurity is a "high priority" for the company. Medtronic later reiterated its commitment in a manifesto on cybersecurity, promising to keep a close eye on its devices and take action on any new vulnerabilities it discovers.

Filed Under: Hospital Care, News Well Tagged With: Cybersecurity

More recent news

  • GE HealthCare expands digital imaging portfolio with enhanced MIM Encore software
  • Accelus wins FDA clearance for MRI compatibility of FlareHawk spinal implants
  • Presidio wins FDA IDE for ultra-low frequency neuromod, hires new CFO
  • Epiminder study backs implantable EEG tech
  • Neurent Medical wins FDA nod for next-gen chronic rhinitis treatment

Primary Sidebar

“md
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest med device regulatory, business and technology news.

DeviceTalks Weekly

See More >

MEDTECH 100 Stock INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World
Medical Design Sourcing

DeviceTalks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our DeviceTalks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy