Report: Evidence of Healthcare Breaches Lurks On Infected Medical Devices

chicksdaddy writes: Evidence that serious and widespread breaches of hospital- and healthcare networks is likely to be hiding on compromised and infect medical devices in clinical settings, including medical imaging machines, blood gas analyzers and more, according to a report by the firm TrapX. In the report, which will be released this week, the company details incidents of medical devices and management stations infected with malicious software at three, separate customer engagements. According to the report, medical devices – in particular so-called picture archive and communications systems (PACS) radiologic imaging systems – are all but invisible to security monitoring systems and provide a ready platform for malware infections to lurk on hospital networks, and for malicious actors to launch attacks on other, high value IT assets.

Malware at a TrapX customer site spread from a unmonitored PACS system to a key nurse's workstation. The result: confidential hospital data was secreted off the network to a server hosted in Guiyang, China. Communications went out encrypted using port 443 (SSL), resulting in the leak of an unknown number of patient records. "The medical devices themselves create far broader exposure to the healthcare institutions than standard information technology assets," the report concludes. One contributing factor to the breaches: Windows 2000 is the OS of choice for "many medical devices." The version that TrapX obtained "did not seem to have been updated or patched in a long time," the company writes.

There's an app for that

[ArhcAngel]

The secure medical device market is heating up. It's why BlackBerry bought into NantHealth and partnered with them to deliver a secure mobile monitoring service.