Hospitals could be under threat of cyber-attacks, according to report
BALTIMORE (WBFF) -- Hospital patients could be vulnerable to a cyber-attack, according to report from a Baltimore security firm.
Independent Security Evaluators spent two years identifying weaknesses at a dozen hospitals across the nation including some in Baltimore and Washington. The group found vulnerabilities that, in the wrong hands, could hurt patients and potentially kill them.
In a 71-page report titled 'Securing Hospitals,' researchers claimed they were able to manipulate vital signs monitors and change medical doses.
Infected USB sticks were left at hospitals where employees plugged them into computers within 24 hours, the report said. Hackers were also able to monitor check-in kiosks to access patient records and payment information. The research project was in controlled environments under supervision of hospital staff where attacks didn't interfere with patients' health or records, according to the report.
ISE Chief Strategist Paul Dant said it would be unlikely for malicious hackers to get away with the same attack but believes the public should still be concerned.
"I don't want to send the message that people are at risk at hospitals of dying today necessarily, but our findings indicate we need to take a very strong look at what we identified."
Dant said hospitals and healthcare systems put the primary emphasis on protecting patient information instead of the devices that could affect patients.
"As consumers we need to stop assuming that security is inherent in products we use and connect to," said Dant. "In that vein, we should start demanding from vendors and manufacturers of these products that they be more transparent about security."
Area hospitals that were contacted referred FOX45 to the Maryland Hospital Association.
"It is unfortunate that there are bad actors who seek to infiltrate information systems from all corners of life, including those of hospitals," said MHA spokesperson Jim Reiter. "Hospitals and health systems take very seriously their obligation to protect patient data and they are as a result vigilant every day about taking the steps needed to shield their systems from potential risks."
The CEO of an Annapolis-based cybersecurity company said the report makes good observations and raises valid concerns to complex issues that should be addressed.
"Where we previously believed that the government and its infrastructure were the primary points of attack we now need to be truly concerned over the infrastructure of the private sector, our banks, our hospitals, our patients," said South River Technologies CEO Michael Ryan.
Ryan added that the best solution doesn't lie with one vendor but a collaborative effort which would "blanket the health care facility."