According to researchers, thousands of medical systems such as MRI machines are accessible online by hackers.
Researchers Scott Erven and Mark Collao claim that to date around 68,000 medical systems from a large US health group have been exposed. They presented their findings at a hacker conference Derbycon.
They explained to delegates that interfaces connected to medical systems were available via a search engine called Shodan, which is a dedicated search engine for Internet-connected devices.
The duo also revealed that in order to test this theory, over the course of six months they ran fake MRI and defibrillator machines in the form of software which mimicked the real devices.
During this period, the devices were subject to tens of thousands of login attempts from hackers, along with 299 attempts to download malware to the fake machines.
Hospitals that have networking equipment and administrative computers exposed online risk attacks and the exposure of confidential patient information. In addition to this, the hackers can also build up details on these health organisations – including the location where the medical devices were housed.
“Medical devices should not be available on the public internet. They should be behind multiple layers of protection,” commented security researcher Ken Munro.
“Based on their research, we can see that hackers will have a go at devices that are clearly critical medical systems. That is scary, if unsurprising.
“What is even scarier is that the research shows that some medical devices have already been compromised.”