Hacker conference Derbycon: Medical devices vulnerable to hackers

Thousands of critical medical systems, such as MRI machines, are available for hackers to access online, according to researchers.

Some 68,000 medical systems from a large unnamed US health group have been exposed. Security researchers presented their findings at hacker conference Derbycon. They had created fake medical devices which attracted thousands of hackers.

Interfaces connected to medical systems were available via search engine Shodan. The researchers used Shodan – a search engine specifically for internet-connected devices – to look for exposed software from a range of health treatment providers, such as radiology and paediatric clinics, as well as one large healthcare organisation.

Medical malware

Hospitals whose networking equipment and administrative computers were exposed online risked attacks and the exposure of patient data. Such information would allow attackers to build up details on health organisations, including exact information about where medical devices were housed. Then it would be a case of “crafting an email and sending it to the guy who has access to that device with a payload that will run on the machine”.

Presenting their findings at hacking conference Derbycon, the researchers said they had reported dozens of vulnerabilities to big-name medical device manufacturers over the last year. They also ran an experiment to illustrate how hackers were already targeting medical devices.

For six months, they ran fake MRI and defibrillator machines in the form of software which mimicked the real devices. The two fake machines attracted tens of thousands of login attempts and some 299 attempts to download malware. The fact that their “honeypot” devices attracted so much interest suggests that medical devices are a target for hackers.

Medical devices should not be available on the public internet. They should be behind multiple layers of protection.

Read more at BBC
