Security Testers Managed To Hack Hospital Patient Monitors And Drug Dispensers

Security Testers Managed To Hack Hospital Patient Monitors And Drug Dispensers

As part of a wide-ranging, two-year-long attack, hackers managed to breach the systems of a number of hospitals, exposing critical patient systems to wide-ranging attacks. Luckily, the hacks were just a drill, but the flaws exposed are scary as hell.

In a paper published by Independent Security Evaluators, white-hat penetration testers examined the systems of 12 hospitals, two data centres and some specific medical hardware. Using a variety of classic techniques — dropping infected USB drives next to computer terminals, or just plugging into publicly-accessible ports — the researchers gained control over some critical systems.

Most scarily, they found a way into patient monitors, which they could force to change at will — displaying false alarms or incorrect readings, which could easily lead to fatal treatment being given to patients. The team also found a way into the drug dispensary system, which could give the wrong medication to patients.

The prospect of a hack simply shutting down hospitals is scary enough on its own, but the paper demonstrates a malicious hacker could actively toy with equipment to kill patients.

Equally bad are the flaws that enabled the hack: it’s not one specific problem, but rather a systematic lack of good software and security policy that leave innumerable gaping holes.

Hospital hacking isn’t new, but until we’ve mostly been lucky enough that hackers go after data — there’s not much money to be made (yet) in killing patients. But with hospitals so easy to attack, and the stakes so high, it’s probably just a matter of time.

[Security Evaluators via The Register]


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.