Slashdot Mirror

← Back to Stories (view on slashdot.org)

Patient Monitors Altered, Drug Dispensary Popped In Colossal Hospital Hack Test (theregister.co.uk)

Posted by timothy on from the machine-that-goes-ping dept.

It's not just hospital networks that are in danger; mask.of.sanity writes with this story at The Register: Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger. In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings which could result in medical responses that injury or kill patients. Full paper here.

13 of 75 comments (clear)

  1. Well by jarablue · · Score: 4, Insightful

    Um, don't hook them up to the network? Have nurses do actual work with written data instead of some need with always being online? I could be talking out of my ass here but everything doesn't need to be online. Really?

    1. Re:Well by Anonymous Coward · · Score: 2, Funny

      1973 called, they want their medical technology back. Please include a supply of leaches and a decent tome on the four medical humors. Oh, and a bone saw.

    2. Re:Well by Lisias · · Score: 2

      How do you think electronic medical records get updated, exactly?

      Using a secure intranet, bridged only to authorised pars using a VPN ?

      --
      Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
    3. Re:Well by Khyber · · Score: 2

      Leeches are still used medically today and with good reason, you ill-educated nitwit.

      Ditto bone saws.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    4. Re:Well by Khyber · · Score: 2

      "God forbid we try and track a patient long term, especially those with complex medical issues."

      What, too lazy to use a fucking fax machine?

      What're you going to do when your medical records system loses power and you can't access patient information?

      That's why every doctor's office I go to keeps a CARBON COPY BACKUP.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  2. "Popped" by Anonymous Coward · · Score: 2, Insightful

    This word is used twice this way in the summary. What does it mean to "pop" a dispensary or patient monitor?

  3. Security? Thats for nerds. by bazmail · · Score: 4, Insightful

    This is symptomatic of the general tech ignorant populace not caring about security intil its too late. This incident will blow over and security will be forgotten about again until the real bad guys come calling.

    The new IoT stuff is wide open to hackers too. People seem to only only care if they can control something with their iphone so can show off to friends. The sales people and manufacturers know this all too well and don't give a fuck about it.

  4. Come on by nospam007 · · Score: 2, Informative

    For the last 100 years any idiot could 'hack' the patient file hanging on the foot of the bed with a tool called a 'pen', changing 5 milligrams to 75 or whatever.
    Now you need some brains.

    1. Re:Come on by Fish+(David+Trout) · · Score: 3, Insightful

      For the last 100 years any idiot could 'hack' the patient file hanging on the foot of the bed with a tool called a 'pen', changing 5 milligrams to 75 or whatever.

      Quite true, but in order to do that you had to be physically present.

      Now you need some brains.

      Brains is not the problem.

      The fact that you can do such nefarious hacking remotely is the problem. You no longer need to be physically present.

      THAT is what is concerning.

      --
      "Fish" (David B. Trout)
    2. Re:Come on by jomama717 · · Score: 2

      "Hacking" a hand-written chart requires physical access to the chart, which requires physical access to the hospital room, which means you'll likely be seen by the front desk (who would need to actively let you in), security cameras, nurses, the patient etc. If the networked devices are vulnerable you could modify every chart from the back of a van in the parking lot or, worst case, from your parents' basement.

      --
      while [ 1 ]; do echo -n -e "\xe2\x95\xb$((($RANDOM&1)+1))"; done
  5. The paper says ... by Ihlosi · · Score: 3, Informative

    The paper says they didn't hack the patient monitor, only considered such devices as possible attack targets.

    1. Re:The paper says ... by SlaveToTheGrind · · Score: 2

      Where do you see that? Page 36 sure sounds like they did:

      On a disconnected network segment, our team demonstrated an authentication bypass attack to gain access to the patient monitor in question, and instructed it to perform a variety of disruptive tasks , such as sounding false alarms, displaying incorrect patient vitals, and disabling the alarm.

  6. Paper records suck to manage by sjbe · · Score: 2

    What, too lazy to use a fucking fax machine?

    Great, now you have multiple copies in random locations with no cohesion AND you need extra staff to manage all the extra paper. Congratulations for taking a bad system and making it worse.

    What're you going to do when your medical records system loses power and you can't access patient information?

    Every hospital has fallback procedures for this exact scenario. These include robust power backup including generators. Furthermore even if there is a complete power loss for a time paper records are not going to make things better, especially in a large hospital. I don't think you comprehend just how hugely inefficient paper records actually are to use. Ironic given that you are posting to a site like slashdot.

    That's why every doctor's office I go to keeps a CARBON COPY BACKUP.

    No they don't. My wife is a doctor and I've worked in hospital systems. I'm aware of NO medical office that keeps a carbon copy backup of all their paperwork. In fact I've never even seen a piece of carbon paper in a doctors office in the last 20 years.