Healthcare organizations' cybersecurity systems are rife with vulnerabilities that could seriously affect patient safety, according to a team of white hat hackers hired to put hospital defenses to the test.
"Security vulnerabilities in healthcare are a result of systemic business failures," said Ted Harrington, executive partner at Independent Security Evaluators and one of the leaders of the study. "We found egregious business shortcomings in every hospital, including insufficient funding, insufficient staffing, insufficient training, lack of policy, lack of network awareness, and many more."
Over a two-year period, the researchers dug into cybersecurity measures across 12 healthcare facilities, two healthcare data facilities, two medical devices and two healthcare technology platforms, among others. Their findings suggest that cyberattacks are in fact capable of having ramifications on patient health.
Sergey Lozhkin, a researcher for computer security software developer Kaspersky, recently announced a successful hacking of his own hospital, in partnership with the facility's administration. Mr. Lozhkin entered the hospital's network via Wi-Fi from the parking lot and gained access to controls of several medical devices as well as private patient data.
The FDA has published guidance on devices with questionable security standards that could pose risks to patients dependent on them. In particular, certain insulin pumps are vulnerable to bad actors who might potentially access them and change dosages.
In addition to the security efficacy findings, ISE published a guide to help healthcare organizations bolster their cybersecurity protections. It will be presenting the findings at the 2016 HIMSS Annual Conference in Las Vegas on March 2. The full report is available here.