Hospital medical devices vulnerable to future cyberattacks: Report
- GAO: Medical devices — MRIs and heart monitors — vulnerable to hackers
- FBI Report: 53% of connected medical devices had known vulnerabilities
- Expert: A hospital could go under if hit with a cybersecurity breach
(NewsNation) — A government oversight group is warning Americans about how vulnerable their medical devices might be to hackers.
A recent report from the Government Accountability Office says devices such as MRI machines and heart monitors could be in the line of fire. The agency is asking the FDA and CISA to update their agreement “to reflect organization and procedural updates that have occurred.”
While these hacks aren’t common, the GAO report claims there’s still a risk. Experts say it’s because a five-year-old agreement between two major government agencies is in dire need of updating.
A 2022 report from the FBI found more than half of connected medical devices in hospitals had known critical vulnerabilities.
The susceptible items include pacemakers, insulin pumps, defibrillators and more.
The GAO report found that hackers can sneak into a hospital or medical network through phishing or clicking on a bad link in an email and take control of a medical device like an MRI or a heart monitor. Then they can potentially shut them off or cause them to malfunction, putting patients at risk and possibly snarling the operations in a hospital setting.
Last year, new guidance required manufacturers of new medical devices to submit cyber weaknesses and plans to address them with the FDA.
But that doesn’t apply to all of the devices made before that.
Cyber experts say these hackers are really after Americans’ data, including personal information that they can sell on the dark web.
“If an MRI machine goes down, they can’t make money off that machine, and at the same time if they are fined for a cybersecurity breach, the hospital could go under,” Rick Jordan, the CEO of Reachout Technology, said.
The best line of defense is for medical groups to invest in cybersecurity programs, the experts say. As for the patients, there’s not much they can do to protect themselves.