Story image

Warnings issued: ‘Hackable’ hospital syringes could be fatal

13 Sep 2017

Many worst fears have been realised after news emerged that specific automated syringes within hospitals are ‘hackable’.

Independent researcher Scott Gayou determined not one but eight vulnerabilities within Smiths Medical’s Medfusion 4000 wireless Syringe Infusion Pump.

What does this mean exactly? The MedFusion 4000 is a popular product that is used commonly on critical care, pediatric, and neonatal patients.

The device is a replacement for manual dosing and is regarded as a ‘safer’ option as it ensures patients get the precise dose required because anything else could be fatal – for example, in newborns.

The report from Scott Gayou was released by the Department of Homeland Security and comes with very specific warnings.

“Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorised access and impact the intended operation of the pump,” the report states.

“Despite the segmented design, it may be possible for an attacker to compromise the communications module and the therapeutic module of the pump.”

Essentially, a skilled hacker could take advantage of the security flaw within the device from anywhere in the world and take over and control it.

The company plans to fix the security flaw and release a new version in 2018, but until then, hospitals have been warned.

Director of Government Relations at McAfee, Gordon Morrison says cybercrime is building as we progress further with the Internet.

“IT and security professionals in healthcare organisations are facing unprecedented pressure – from an increase in demand and complexity of services, to the threat of legacy IT and a number of new compliance issues like GDPR and the Information governance toolkit,” says Morrison.

“Alongside these challenges, hospitals are going through immense digital transformation, with new connected medical devices being introduced to improve the doctor and patient experience.”

Morrison asserts that despite the massive potential of the healthcare Internet of Things, it’s a double-edged sword as many of these devices are prone to hacking, which is putting both hospital networks and the patients themselves at risk.

“It is essential to ensure these devices are not introduced at the expense of the safety of the patient and their data,” says Morrison.

“Achieving this will be twofold: ensuring that the devices are built securely by design and with the necessary security controls in place; as well as a security policy for connected devices in hospitals, to ensure that they can’t access sensitive data and are regularly patched against newly-discovered vulnerabilities.”

Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.