As the health-care industry rushed onto the Internet in search of efficiencies and improved care in recent years, it has exposed a wide array of vulnerable hospital computers and medical devices to hacking, according to documents and interviews.
Security researchers warn that intruders could exploit known gaps to steal patients’ records for use in identity theft schemes and even launch disruptive attacks that could shut down critical hospital systems.
A year-long examination of cybersecurity by The Washington Post has found that health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problems.
“I have never seen an industry with more gaping security holes,” said Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University. “If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed.”
Compared with financial, corporate and military networks, relatively few hacks have been directed at hospitals and other medical facilities. But in recent months, officials with the Department of Homeland Security have expressed growing fear that health care presents an inviting target to activist hackers, cyberwarriors, criminals and terrorists.
“These vulnerabilities may result in possible risks to patient safety and theft or loss of medical information,” a DHS intelligence bulletin said in May.
Security researchers are starting to turn up the same kinds of trivial-seeming flaws that earlier opened the way for hackers to penetrate financial services networks, Pentagon systems and computers at firms such as Google.
(Excerpt) Read more at washingtonpost.com ...
