Ultrasound Machine Diagnosed with Major Security Gaps

  /     /     /  
Publicated : 23/11/2024   Category : security


Ultrasound Machine Diagnosed with Major Security Gaps


Check Point researchers investigate security risks and point to implications for medical IoT devices.



RSA CONFERENCE 2019 – San Francisco – Vulnerabilities in connected medical devices could have massive implications for patients and the healthcare industry as a whole.
The Internet of Medical Things (IoMT) is poised to broaden the attack surface for healthcare organizations, according to Check Point experts. Eighty-seven percent of healthcare institutions are expected to use IoT technologies by the end of 2019, with nearly 650 million IoMT devices in use by 2020, states a new Check Point study. The study underscores the danger of what could happen if these devices are poorly secured.
IoT devices collect vast stores of data and are commonly built on outdated software and legacy operating systems. This makes them a simple gateway for cybercriminals, who could break in and move laterally across the target network.
Consider ultrasound technology. Researchers explain how huge advancements have been made to provide detailed health data to doctors and patients. Unfortunately, they report, this innovation hasnt made its way to the security of IT environments where ultrasound machines sit. To prove this point, they went under the hood of a real ultrasound device.
What they found was a tool running on Windows 2000. Like many IoMT devices, this no longer receives updates or patches, and leaves both the machine and its data exposed to intruders. It wasnt hard to exploit vulnerabilities and access its database of ultrasound images,
they explain
.
An attacker with this access could launch a ransomware campaign on the hospital system or swap patients images. Think how much chaos that can do in the hospital, said Oded Vanunu, head of product vulnerability research at Check Point, in an interview with Dark Reading here at the RSA Conference.
Cybercriminals may use health records to get pricey medical services and prescription medications; they may also gain access to government health benefits. Or they could sell it: The Ponemon Institute
found
healthcare breaches are most expensive, at $408 per record.
Healthcare organizations often dont have the budget for strong IT and security, Vanunu explained. Hospitals are flat networks – from our perspective ... we think cybercrime will start to move to the weakest networks. Its happening already, he noted.
IoMT devices are in mass production, Vanunu continued, but nothing is being done to secure them. Because the device Check Point analyzed was running Windows 2000, exploiting it was simple. We didnt use any sophisticated tools, Vanunu said. No zero-day, no reverse-engineering vulnerability. Any beginner can exploit it.
Related Content:
Companies Having Trouble Translating Security to Mobile Devices
Phishing Attacks Evolve as Detection & Response Capabilities Improve
How China & Russia Use Social Media to Sway the West
Twitter, Facebook, NSA Discuss Fight Against Misinformation
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Ultrasound Machine Diagnosed with Major Security Gaps