Two security researchers state that many medical devices are vulnerable because use is made of do not change default passwords. This allows devices such as external defibrillators can be remotely attacked.
Researchers Billy Rios and Terry McCorkle have discovered that many medical devices are vulnerable by hard-coded passwords. A hacker can this in theory be fairly simple to access a device and, for example, change the settings or the firmware change, so notify the American authorities FDA and ICS-CERT. According to the two government agencies are the vulnerabilities among other things discovered in hartmonitoren, laboratory equipment, infusion pumps, defibrillators and anesthesieapparaten. Specific models or brands are for security reasons not mentioned.
The authorities say that there is no evidence that the vulnerabilities are actively exploited. To potential problems yet to solve would be the manufacturers of the equipment, adjustments have to do with the software. Furthermore, hospitals as little as possible, internet access should use to reduce the chances of attacks decrease, while on existing systems autorisatiemethode should be improved. It also called for systems to regularly check and, if necessary, to patching, and the local network to monitor for possible hackaanvallen.