Dive Brief:
- Cybercriminals could emulate and modify patient vital signs in real time on a medical network using a patient monitor and central monitoring system, causing patients to get the wrong medication or unnecessary tests, a new report by McAfee's Advanced Threat Research team suggests.
- The team used a patient monitor and central monitoring system similar to ones in use at several local hospitals and examined the traffic with Wireshark. Several potential vulnerabilities were identified.
- For an attack to work, the hacker would need to be on the same network as the monitoring devices and be knowledgeable about the system's protocol. Also, modifications would need to be within a believable range for doctors and nurses not to pick up on them, according to the paper.
Dive Insight:
Initial tests of the equipment showed several vulnerabilities, including communication over unencrypted User Datagram Protocol (UDP). In addition, the payload contained patient information, and because traffic was sent to a broadcast address, the devices did not need to know each other's addresses beforehand.
In the simulation, the attacker could select any heartbeat value. The IP address stored in the falsified payload still showed the data coming from the original patient monitor address. Clinical care teams tend to rely on central monitoring stations to keep track of patients and make critical decisions throughout the day. If modifications are credible, they may not be individually verified, according to the report.
"Fictitious cardiac rhythms, even intermittent, could lead to extended hospitalization, additional testing, and side effects from medications prescribed to control heart rhythm and/or prevent clots," Shaun Norbeck, a physician who assisted with the analysis, said in the report. "The hospital could also suffer resource consumption."
To prevent such attacks, vendors should encrypt network traffic between connected medical devices and beef up authentication, according to the report. They can also recommend hospitals operate devices on an isolated network with strict network-access controls. This would reduce the window of opportunity for attackers by forcing them to gain physical access to the network.
Despite continued cyber and ransomware attacks on healthcare organizations, eight in 10 hospitals and health systems lacked a C-suite leader to manage cybersecurity enterprise-wide in 2017, and just 11% planned to hire a cybersecurity chief this year, according to Black Book Market Research.
The survey found providers also dragging their feet on adopting cybersecurity best practices, with 54% admitting they don't conduct routine risk assessments and 92% saying cybersecurity and the threat of a breach are not high priorities with their board of directors.
Implementing good threat hunting practices should be on every hospital C-team's mind, Vincent Weafer, vice president of McAfee, told Healthcare Dive in an interview last fall. Key steps to reduce an organization's cyber vulnerability include using the latest firewalls and web gateways, tracking DNS traffic, creating early warning traps to flush out attackers and running attack simulations.