Hacked hospital equipment: the immediate assumption is that it’s a reference to the computers that store medical data, and not the machines controlling the amount of anesthesia given to a patient. In this increasingly interconnected world, where remote surgeries are fairly commonplace, the latter option is becoming more and more of a concern for healthcare providers. Who is to blame for this severe oversight, what can healthcare providers do to protect patients, and how can patients educate themselves about the potential threats?
Billy Rios, the expert in the field of hacked hospital equipment, demonstrated for a local ABC7 affiliate exactly how easy it was to hack into a hospital-grade x-ray machine, but to reconfigure and control it remotely. Considering their “white hat hacker” status, they just installed Donkey Kong onto the machine to prove their point; in real life, the situation could be much worse. To further show the high stakes associated with this vulnerability in the healthcare manufacturing industry, Billy explains, “‘We demonstrated that someone could take over an infusion pump and essentially change the dosage of medicine that’s being given to somebody…We’ve shown that we could crash the patient monitor or modify the data from a patient monitor so the data that’s going to the physician isn’t the right data.'” These examples paint a terrifying picture of the potential future of medical care if something isn’t done to fix these gaping cyber security holes.
So what are manufacturers doing to make their products safe? Not much, unfortunately – though Rios did mention Hospira’s (of Pfizer) newest product included cyber security protection (after initial warnings from the FDA), manufacturers aren’t held accountable for not incorporating cyber security safeguards. Something as simple as spending a few thousand dollars to patch these vulnerabilities could save hospitals tens of millions of dollars. But until their hands are forced, these products continue coming off the line without cyber security protection.
Currently, the only real patient protection is hospitals spending above and beyond to protect machines that should be protected in the first place. However, as we have always reiterated throughout these posts, it is imperative to protect every single entry and exit point within a network. Just as you would with a secure building, if one door is left unlocked that’s the only thing a burglar needs to steal anything at their disposal. Until manufacturers heed the calls of both hospitals and patients, these gaps will continue to be pervasive throughout the healthcare industry.