Vulnerability Management

Thousands of medical systems found vulnerable to attack

Thousands of medical systems are vulnerable to cyberattacks, new research demonstrates.

Security researchers Scott Erven and Mark Collao presented their findings at Derbycon this past week and showed that at least one “very large” U.S. healthcare organization, has more than 68,000 medical systems exposed to attack.

Among the systems at risk are 21 anesthesia, 488 cardiology, 67 nuclear medical and 133 infusion systems, The Register reported, as well as 31 pacemakers, 97 MRI scanners and 323 picture archiving and communications devices.

The men used the Shodan search engine to look for vulnerable devices with some discovered flaws allowing for remote administrative access.

Attackers apparently fell for the researchers' honeypots, which mimicked real medical equipment. Their tests yielded 55,416 SSH and web logins and 299 malware payloads.

Often times, the attackers weren't aware they compromised a medical device.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.