Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car

While giving a talk at the Security Analyst Summit 2016, Sergey Lozhkin, a security researcher for Kaspersky, told how he was able to hack a hospital while sitting in his car outside the building.

Talking about the risks associated with a hospital hack, we’ve got an endless list on our plate. A cybercriminal can alter the patients’ electronic health records and turn a healthy person into a sick one. Changing the settings of the medical equipment also brings along a scary scenario.

Well, it was just a test and the hospital management gave the permission to test the computer network. This experiment was started to highlight the security risks the unprotected medical equipment pose. He got the inspiration to do so when he stumbled upon such equipment online through Shodan.

After finding that many of those devices belonged to the local hospital, Sergey contacted the hospital administration and brought the issue to the hospital management’s attention.

During the process, he discovered that due to the basic firewalls, he was unable to access any equipment via remote connection. Next, he aimed to crack hospital’s network by sitting in his car near to the actual building. Fortunately, he was close enough to reach the building’s WiFi.

Then he managed to reach a tomographic scanner that allowed him to access the patient’s records. “There are two groups of people who need to be alarmed by this question, more specifically — the developers of medical equipment and the hospital management boards,” the Kaspersky team notes in a blog post.

It’s inevitable to avoid injuries and doctors — so we are bound to put our trust into the high-tech medical devices used in the hospitals. This experiment shows the appalling condition of the Internet-connected devices that are just accidents waiting to happen. It’s a responsibility of the hardware and software developers to ensure the security of these devices who are constantly talking to the Internet without following proper security protocols.

Source: http://fossbytes.com
Share on Google Plus

About Seang Anouksar

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment


Post a Comment