WASHINGTON (WUSA9) --- Cybersecurity experts have found ways to hack into hospital equipment.
A recent IT study exposed the vulnerabilities of technology used inside medical facilities. The study conducted by Independent Security Evaluators (ISE) tested the hackability of hospital software and medical devices keeping patients alive.
One of the 12 hospitals in the study was located in the Washington Metropolitan area. Although the healthcare facilities volunteered for the study, the authors of the ISE research report kept the hospital names anonymous.
Ted Harrington, ISE executive partner, insisted the study's conclusions may be applied to medical facilities nationwide.
"100% were found to have critical security vulnerabilities which, if exploited, could result in patient harm or fatality."
In other instances Harrington said his team bypassed the online authentication process so that a medical device may be "weaponized" against a targeted patient such as a politician. (No patient was put into harms way during the study. The hacking was conducted within a controlled setting.)
The recent ransomeware attack on MedStar Washington's Georgetown University Hospital showed a less sophisticated type of cyberattack, according to Harrington. The hackers demanded money in exchange for the safe return of patient data. As of this writing, the hospital reported no patient data was compromised.
Patient data is just one section of overall patient health, according to Harrington. To fully protect against more sophisticated cyberattacks, medical software and devices need more safeguards against exploitative hackers.
ISE's study offers a blueprint on how to fix the problems. For one, the hospital should restructure itself so IT (information technology) and IS (information security) are separate departments working to safeguard the hospital and its digital components from cyberattacks.
David Finn, Health Information Technology Officer at Symantec, sits on the advisory board for the ISE report. He has been in the hospital industry for over two decades and sees a need to shift employee training.
Hospital workers need more training on safer and proper use of work e-mail and websurfing on laptops and mobile devices, according to Finn. The proper practice would lower the risk of infecting software with malware.