Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Analysis, Inspection and Laboratory
LeftNav
Assisted/Independent Living
LeftNav
Clinical and Nursing Equipment
LeftNav
Design and Manufacture of Medical Equipment
LeftNav
Diagnostics Equipment, Monitoring and Test
LeftNav
Education, Training and Professional Services
LeftNav
Health Education and Patient Management
LeftNav
Health Estates Management
LeftNav
Healthcare Support and Information Services
LeftNav
Hygiene and Infection Control
LeftNav
IT and Communications in Healthcare
LeftNav
Materials
LeftNav
Medical Device Technology
LeftNav
Research and Development
LeftNav
Safety and Security
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Health Zone
Pro Security Zone
Web Lec
Pro Engineering Zone
 
 
News

Hacker control of drug delivery systems

Lancope : 15 June, 2015  (Technical Article)
IT security company, Lancope comments on the hacking threat to healthcare providers of remotely tampering with drug delivery systems
Hacker control of drug delivery systems


Recent reports have shown that a new hacking threat has the medical community alarmed as a security researcher says he's discovered a way for hackers to change the dosage of medications delivered by a patient's drug pump.



The security researcher, Billy Rios, had been testing several drug pumps for vulnerabilities. Earlier this year, he discovered that a hacker would be able to change the maximum level allowed for certain drugs, meaning that, if a higher dose of a particular drug was given, the device would not alert medical staff. The devices all have a "drug library" that holds information about maximum dosages for different medications, and Rios had discovered that access to that library didn't have to be authenticated, and anyone on the hospital's network could load a new one, with higher maximum dosages.



This wasn't too alarming, since Rios hadn't seen any way to actually change the dosage being administered itself. But then he kept on searching. He discovered that the same connection that exists in the pump allowing Hospira to access and update the device's firmware, can also be accessed by hackers to upload a faulty update. The system doesn't require authenticated and digitally signed updates. If you can update the firmware on the main board, you can make the pump do whatever you like.



Commenting on this news, Lancope CTO, TK Keanini, said: “The Internet connects computers around the world, and these devices have transformed over the years.  From giant systems that fill an entire room, to the Internet of Things, the Internet also connects us with cyber criminals; unfortunately, you will be a target of their activities, frequently without being aware. Now that practically every device we use – from printers to thermostats to medical equipment – is connected to the Internet, the security of ‘things’ has become a scarily large topic. In fact, by 2020, 26 billion objects will be connected to the internet. Unless we can quickly adapt to the Internet of Things, the next compromise will likely be on a massive scale and could affect the most intimate levels of our lives. Today you may tend to the security of maybe several devices. However, with the Internet of Things, you will add your car, all of the home and even medical devices as this story mentions. These talented bad guys will find a way to compromise the system and then you will need an update. Most people will never update these Internet of Things devices and herein lies the real issue.  Securing a system is about constantly being able to adapt to the changing threat environment. We have a hard enough time updating all our current applications, now add 30 more devices from 10 different vendors and you see the problem.”


Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProHealthServiceZone.com
Netgains Logo