Story image

Warnings issued: ‘Hackable’ hospital syringes could be fatal

13 Sep 17

Many worst fears have been realised after news emerged that specific automated syringes within hospitals are ‘hackable’.

Independent researcher Scott Gayou determined not one but eight vulnerabilities within Smiths Medical’s Medfusion 4000 wireless Syringe Infusion Pump.

What does this mean exactly? The MedFusion 4000 is a popular product that is used commonly on critical care, pediatric, and neonatal patients.

The device is a replacement for manual dosing and is regarded as a ‘safer’ option as it ensures patients get the precise dose required because anything else could be fatal – for example, in newborns.

The report from Scott Gayou was released by the Department of Homeland Security and comes with very specific warnings.

“Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorised access and impact the intended operation of the pump,” the report states.

“Despite the segmented design, it may be possible for an attacker to compromise the communications module and the therapeutic module of the pump.”

Essentially, a skilled hacker could take advantage of the security flaw within the device from anywhere in the world and take over and control it.

The company plans to fix the security flaw and release a new version in 2018, but until then, hospitals have been warned.

Director of Government Relations at McAfee, Gordon Morrison says cybercrime is building as we progress further with the Internet.

“IT and security professionals in healthcare organisations are facing unprecedented pressure – from an increase in demand and complexity of services, to the threat of legacy IT and a number of new compliance issues like GDPR and the Information governance toolkit,” says Morrison.

“Alongside these challenges, hospitals are going through immense digital transformation, with new connected medical devices being introduced to improve the doctor and patient experience.”

Morrison asserts that despite the massive potential of the healthcare Internet of Things, it’s a double-edged sword as many of these devices are prone to hacking, which is putting both hospital networks and the patients themselves at risk.

“It is essential to ensure these devices are not introduced at the expense of the safety of the patient and their data,” says Morrison.

“Achieving this will be twofold: ensuring that the devices are built securely by design and with the necessary security controls in place; as well as a security policy for connected devices in hospitals, to ensure that they can’t access sensitive data and are regularly patched against newly-discovered vulnerabilities.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.