Speaking at last week’s Security Analyst Summit in February 2016, Scott Erven, a medical device security advocate, described how medical devices are putting hospital networks and patient data at risk.
Erven reported that hundreds of hospitals, clinics, and health centers were vulnerable to attack because of medical devices that were exposed to the internet. Further, these devices exhibited numerous vulnerabilities, including out-of-date operating systems and weak, hard-coded credentials.
A variety of devices are vulnerable, Erven stated, including cardiology systems, infusion systems, MRI machines, and nuclear medicine systems. Once compromised, these devices could allow an attacker to “easily pivot onto the network.”
To understand the kinds of attacks these medical devices were exposed to, Erven built a series of 10 honeypots, each designed to mimic a different device.
Erven saw “a staggering number” of successful SSH logins — 55,416 in all — resulting in 299 samples of malware being dropped. Most originated from China, Korea and the Netherlands.
Erven’s research demonstrates that hospital IT departments cannot be relied on to protect medical devices from outside attack. At the same time, the Food and Drug Administration’s recent cybersecurity guidance demonstrates that it intends to hold medical device manufacturers accountable.
Medical device manufacturers need a better way to secure their devices because, as Erven states, “Every sociopath on the internet is your next door neighbor.”
Running an SSH daemon on a medical device is inherently insecure. Medical devices that use iTivity for remote access and support are impervious to SSH attacks.
iTivity is used to support thousands of medical devices every day without incident. iTivity can be deeply integrated into both Windows and Linux devices to provide a host of security capabilities beyond secure remote access. Contact iTivity to learn more.