Hospital Security: Medical Devices and Bluetooth

If you’re a healthy individual, you may be lucky enough to only have to visit your doctor once every year. However, if you have additional health issues, like diabetes or heart problems, you may be at the doctor more often. 

In the past few years, the U.S. Department of Homeland Security, along with the Food and Drug Administration, has warned patients using Bluetooth-enabled devices of potential breaches due to hackers gaining access to their systems. The concern is that malicious actors may try to gain control of the devices remotely and create problems, such as instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity. One of the ways for healthcare providers to better secure these medical devices is through patching holes in the security

What Medical Devices are Hackable

Various studies have examined the lack of security in some medical devices. One of the main problems found lies with embedded web services that allow devices to communicate with one another and feed digital data directly to patient medical records. More often than not, these web services are hackable, giving attackers access to private information, which allows them to alter information, provide a misdiagnosis, or give the patient the wrong prescription.

Additionally, there are more concerns with infusion pumps, implantable cardiovascular defibrillators, and CT scans. Many infusion pumps have web administration interfaces so that nurses can change the drug dosage levels from workstations. Oftentimes these workstations are not password-protected. The defibrillators use a Bluetooth connection to configure the shock levels necessary for the patient. They have default and weak passwords so that they can connect to various devices, so the passwords can be guessed very quickly. Finally, with CT scans, hackers could potentially change the radiation exposure limits that are set for the patient. While this attack would be difficult to pull off, it is still possible.

The healthcare industry is just now catching up to the medical device security problem. Recently, the FDA issued a notice to the industry about problems with hard-coded passwords in medical devices after two researchers found them in about 300 devices (including the ones listed above). Now, there is a cyber security clause that the FDA has laid out that allows medical devices to be patched without requiring recertification by the FDA. 

Carson Inc. Combats Cyber Threats

Don’t sacrifice your security for convenience. Carson Inc. has been helping its customers fight the battle against cyber threats for more than 22 years. Our team consists of Information Assurance (IA) experts with advanced degrees and technical certifications, including CISSP, CISA, LPT, GWASP, and ISO 27001. Our staff has in-depth knowledge of IT security statutory and regulatory guidance. For more information email marketing@carsoninc.com or call (301) 656-4565.
