Hacking the hospital: medical devices have terrible default security

Most hospitals will not make their networks internet accessible.

Neither did Target. All it takes is one doctor to browse to an infected page, or a cafeteria worker opening an infected email on their terminal.

3 Likes

The sad thing is that many of these devices can’t/won’t be replaced, since the price to upgrade and the effort of ensuring cross-compatibility is often cost-prohibitive.

2 Likes

So now we know about these things. Who else has known about these for a long time and used them? Like Heartbleed maybe people knew, but didn’t act to fix them because they were useful.

I watch too much Person of Interest. On the other hand I won’t be so disbelieving the next time they show a hacker saying, “I’m in” when they are talking about accessing a patient’s files.

1 Like

Also, security theater is cheaper and more satisfying than security.

2 Likes

I don’t know about cheaper, it actually seems to come at huge ongoing expense, at least in the case of the TSA. In this case, it does seem like cutting corners, but security theater in general seems to be a giant political money laundering operation that costs (b?)millions and buys a lot of “job creation,” and “keeping America’s freedoms free” ad time… Fixing actual problems seems to take hard decisions, hiring the right, intelligent people, and is less flashy, and harder to fund.

2 Likes

Erm, citation, please!

I can tell you right now that you are incorrect.
Hell, about a decade ago, there was a hospital (a University one, BTW) that had devices (not ones that touch a patient) on the internet with public IPs. They also had ones connected directly to phone jacks with dedicated numbers.

1 Like

I’m not sure where “Security Theater” plays into this. I’m sure if you looked around, you could find examples but I think the bigger point is security isn’t even on the radar with these systems. The point is you’d be hard pressed to find security being anywhere in the design or marketing of these products.

1 Like

Have you tried turning the patient off and turning them on again?

7 Likes

The opposite side to this is that easier to access devices are easier to modify or upgrade in useful ways. Programming for obscurity means it is terribly difficult to expand the usefulness of a device while there may likely still be evil exploits possible.
I hate built in excessive security walling the low level hardware off from the user or superuser/admin. Instead train users and use smart physical and network security rather than making great hardware and ruining the usefulness with terrible software.
I think we forget that the evil MRI tech could always just bring a ceramic knife into the exam room or an insane nurse could drive over the patient in the parking lot.

1 Like

This issue isn’t about evil hospital employees who can be caught and tried after harming someone. It’s about security of devices whose success/failure can be the deciding factor in whether a person lives or dies being so weak that malicious virus-writing non-employees could write something that causes indiscriminate (and in one case targeted) failures in these machines once one lowly hospital employee is tricked into having their computer infected.

Speaking as one whose office network has gone from relatively open to super secure, I can attest that a secure network is one upon which you can do nothing useful quickly, even with dispensation from the pope.

4 Likes

The TSA security theater fixes the actual problem of keeping people afraid of outsider forces and to rally around their rulers.

1 Like

I tried but someone’s hacked the defibrillator!

I understand you have been frustrated by technologies that are hard to upgrade, and do not allow those with access to do good things. This isn’t a matter of “open access” makes for a better product.

There is a lot that needs to be gone over when medical devices are connected to a network. Some of them having default passwords is an obvious problem. Also with every level of accessibility and interconnectedness comes added complexity. These things are not being designed for.

I think the smart thing from a design perspective is to assume the devices are being used in a “hostile” environment. With the security / ease of modification tradeoff, I would prefer that the devices that directly interface with humans in a health care scenario be more hardened, even if the network is more open.

Keep in mind also, that hardening a device against attack does not prevent those who have access to it from making modifications, upgrades, etc.

Even with TWO Popes who were canonized today??

1 Like

Fun vulnerabilities in this class include Medtronic insulin pumps - they listen for commands on a radio interface, and broadcast all the (rather limited) information you need to remote control them. Oh, and you can’t disable the radio interface, because reasons. To the best of my knowledge they still haven’t fixed it, though I hope I’m wrong.

( ref http://www.darkreading.com/vulnerabilities-and-threats/insulin-pump-hack-controversy-grows/d/d-id/1099825? )

Firstly I will admit that I prefer as simple a medical device as possible, meaning nearly no software between me and the action. If you for example are handed an old Lifepak-5 or 10 it is intuitive even if you are just off of the boat from Russia, China, or Brazil requiring quick visual inspection and maybe five minutes of instruction for anyone with ACLS equivalent training.
I am against insecure hardware and the admin assigned to the device should have as low level as possible access to the function of the software to hardware level. That means they can secure as needed or lock down as needed. I do not suggest that a network admin is qualified to hack on a certified medical device (certification presents its own merits and shortcomings), I suggest that a person certified in servicing or maintaining the unit should be available on site or from the manufacturer who can secure or enable networking or wireless telemetry and control to meet the needs of the medical institution rather than having a very static universal firmware for all devices.
As for my nurse example, a complete stranger could run down someone on any street or shoot them with a deer rifle. Vulnerabilities are bad when used for evil but they exist in life, being able to turn them off rather than closing the protocol or worse making it obscure that only a few people in the know can do some high paid assassinations over a decade or so is worse than a known vulnerability which would cause the device to be recalled or maybe have a hardware switch for the wireless or net access.