CT, MRI machines face the greatest risk of cyberattack, researchers warn

Feb. 1, 2018

Core medical equipment including CT and MRI machines remain vulnerable to cyberattacks, researchers have warned.

It was first back in 2012 when a security researcher highlighted the importance of securing not only our PCs but also our connected medical devices after it was found that bugs in transmitters could be exploited to deliver lethal shocks to pacemakers.

In the following years, thousands of medical devices have been found to be open to exploit online, and it was only last year that the US Food and Drug Administration (FDA) issued a “voluntary recall” for Abbott pacemakers, formerly of St. Jude, to update firmware against attacks which could drain battery life, allow changes in programmed settings, or even change the beats and rhythm of the device.

Now, researchers from Ben-Gurion University in Beersheba, Israel, have issued a new report warning medical professionals that this issue is not being taken as seriously as it should—especially as vulnerable devices can place patient health and, potentially, lives at risk.

The report explores how Medical Imaging Devices (MIDs), such as Magnetic Resonance Imaging (MRI) or Computed Tomography (CT) systems are becoming increasingly vulnerable to cyberattacks.

These devices are commonly connected to hospital networks, and with this connectivity, an avenue is carved for cyberattackers to exploit vulnerabilities in outdated firmware.

Vulnerable MIDs may result in attacks which “target the devices’ infrastructure and components, which can disrupt digital patient records, and potentially jeopardize patients’ health,” according to the researchers.

The team believes that attacks on MIDs are going to increase as vulnerabilities are uncovered in more and more medical devices, and as we’ve already seen, attackers have no qualms when it comes to targeting hospitals.

The paper includes a survey of organizations in the healthcare industry and their risk of compromise due to cyberattacks. The researchers concluded that MID machines “face the greatest risk” due to their “pivotal role in acute care imaging.”

Ransomware remains a key issue, according to the paper. Hospitals in the U.K. and U.S. have already fallen prey to this malware and in many cases, will pay the blackmail demand, rather than disrupt services further.

Ransomware attacks have proven to be successful against hospitals, and it may be that in the future, MIDs will become blocked or disabled as part of ransomware campaigns.

Ransomware is not the only issue at hand, however, as the team believes there are more attack vectors which could pose a serious risk to patient health.

These include tampering with parameter values to alter radiation levels, changing the pitch of machines to disrupt MID mechanics, disrupting scan signals to manipulate scans, and denial-of-service (DoS) attacks that can prevent machines being used at all.

Hospitals and regulators must come together to prevent what may be fatalities in the healthcare sector one day, should attacks continue.

ZDNet has the full story

Sponsored Recommendations

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...

Quantifying the Value of a 360-Degree view of Healthcare Consumers

To create consistency in how consumers are viewed and treated no matter where they transact, healthcare organizations must have a 360° view based on a trusted consumer profile...

Elevating Clinical Performance and Financial Outcomes with Virtual Care Management

Transform healthcare delivery with Virtual Care Management (VCM) solutions, enabling proactive, continuous patient engagement to close care gaps, improve outcomes, and boost operational...

Examining AI Adoption + ROI in Healthcare Payments

Maximize healthcare payments with AI - today + tomorrow