While it is known that hackers have the ability to break into hospital record systems, records indicate that even individual hospital rooms are no longer safe.
A recent article titled “Can a Hospital Room be Attacked” states: “Cyberattacks today have the potential to harm patients, but most of the attacks against medical device makers are aimed at stealing their technology so devices can be copied or product development dead ends can be avoided,” says Michael Ebert of KPMG’s health care and life sciences group.
Various countries are seeking to hack into patients IV so companies in those nations can copy them. According to a 2017 study by KPMG, 53 percent of executives named nation states as the most likely source of medical device cyberattacks, with 79 percent saying the hackers target intellectual property.
But the same poll revealed 41 percent believe cyber bad guys also pursue patient data. Some believe they target politicians and wealthy business leaders. Dr. Michael Nowatkowski, an information security professor at Augusta University’s Cyber Institute, tries to help keep IVs and similar machines safe from attacks. He notes lots of hospital equipment pre-dates the “internet of things” – the connection of seemingly non-computerized items online.
Quoted in the article, he states: “Prior to network connectivity, these devices were protected by physical security – only authorized medical personnel were allowed in the room with the patient,” he explains. “If changes to the infusion pump operations were made, they were made by pressing buttons on the device.” But retrofitting pre-internet medical equipment for the internet of things means hospitals are now filled with IV machines, CT scanners and similar devices with software inside them that isn’t password protected.
What worries many experts is that hackers will seek to sabotage a medical device, steal the intellectual properties of a manufacturer or the effect production of the devices. Sometimes, Nowatkowski adds, cybercriminals even wind up in a device by accident: “A hacker is simply exploring and does not realize they are ‘inside’ a medical device. Many of these systems run operating systems similar to a normal computer, so the attacker may think they are just exploring a computer.”