Security First Mindset evades Medical Devices leaving them Vulnerable


“Everything with a powerpoint is probably connected, or will be shortly,” says Christopher Neal, chief information security officer (CISO) of Ramsay Health Care. “Increasingly that connectivity is critical to patient care,” he told the Gartner Security and Risk Management Summit in Sydney on Monday.

Even if those connected devices aren’t transmitting patient medical data, increasingly they’re conveying information about their own health.

Yet those medical devices can be incredibly vulnerable.

Neal saw this first-hand in the medical village at the DefCon cybersecurity conference earlier this month. Hackers were let loose on the kind of equipment you’d expect to find in hospital patient rooms.

“The most fun I saw was [when] a guy sat down at an ultrasound machine,” he said. “Within about 30 seconds of connecting he had shell, unrestricted Powershell access to that system through a vulnerability in the file manager that’s on the platform.”