Hospitals around the UK may like to make sure that their security systems are robust and up to date, with new research from healthcare cyber security company CyberMDX finding that vulnerabilities have been discovered in anaesthesia machines.
This means that attackers could hack into the devices and impair respirator functionality, changing the composition of gases, altering time and date records, and silencing alarms.
Head of research with the company Elad Luz explained that the potential for meddling in this way where gas composition and alarms are concerned is clearly troubling, as is the ability to change timestamps that document what happens during surgery.
“Anaesthesiology is a complicated science and each patient may react differently to treatment. As such, anaesthesiologists must follow stringent protocols for documenting and reporting procedures, dosages, vital signs, and more. The ability to automatically and accurately capture these details is one of the main reasons why respirators are connected to the network to begin with.
“Once the integrity of time and date settings has been compromised, you no longer have reliable audit trails. That’s a very serious problem for any medical centre,” he went on to say.
Vulnerabilities were discovered in the GE Aestiva and GE Aespire devices (models 7900 and 7100), so any healthcare providers using these would be wise to be on their guard.
If a device is connected to a terminal server and a cyber criminal is able to access the hospital network, they can then hack the devices without having prior knowledge of the location of the machines or IP addresses.
If exploited, the vulnerability of these machines could have a direct impact on the integrity, confidentiality and availability of device components, as well as putting people at risk.
You might also like to read our recent blog post on this particular topic, where GlobalData medical device analyst David Brown told Verdict Medical Devices that there have been numerous instances where equipment has been found to be vulnerable to an attack… which could result in serious harm to patients.
For example, researchers at Ben-Gurion University demonstrated that CT scanners using outdated software were at risk, with hackers potentially able to adjust the applied radiation to reach harmful levels.
A few years ago, NHS Digital launched a new cyber security service to help deal with digital security threats – the Security Operations Centre. The organisation was set up to monitor national health and care services, as well as giving officials a better idea of what guidance and advice would be most effective.
Head of the Digital Security Centre Dan Taylor said at the time that the organisation would enhance data security services and improving capabilities in ethical hacking, as well as vulnerable testing and analysis of malicious software.
If you’re looking for medical calibration services, contact us today.