You are currently viewing McAfee Uncovers Cybersecurity Vulnerabilities in Patient Monitors

McAfee Uncovers Cybersecurity Vulnerabilities in Patient Monitors

Healthcare was the most targeted sector in terms of the number of breaches in the 2017-2018 period found researchers at McAfee Labs’ Advanced Threat Research.

Minimize the risk of a data breach and protect your business reputation with a solution like SkyFlok.

At SkyFlok we allow users to use multiple cloud storage providers together to efficiently and securely store their files. We spread the data across multiple locations and providers, which means that an attacker needs to compromise multiple Cloud providers before having any chance to look at the files. Your clients’ data is safe and you keep full control over it.

Subscribe to SkyFlok and protect the privacy of your sensitive or confidential client.

This could have a profound impact on patient care, because central stations are used to monitor and make medical decisions on a large number of patients. If cardiac rhythms were altered by attackers, this could have a cascade of effects on the healthcare providers.

“Fictitious cardiac rhythms, even intermittent, could lead to extended hospitalization, additional testing, and side effects from medications prescribed to control heart rhythm and/or prevent clots. The hospital could also suffer resource consumption.” explained Dr. Shaun Nordeck, who worked with McAfee on the research.

Nordeck said that changes to a heartbeat would trigger the nurse or technician monitoring the central station to page a doctor, who would typically ask for a printout to review the rhythm.

The doctor might order an EKG to verify the rhythm. An EKG, however, would not likely capture an abnormal rhythm if it is intermittent, but the test might reveal an underlying cause for intermittent arrythmia. Should the rhythm recur intermittently throughout the day, the doctor might make treatment decisions based on this erroneous printout, Nordeck related.

In addition, the researchers found that weak authentication controls could allow rogue devices to be placed onto the medical network and mimic patient monitors.

McAfee researchers tested two medical devices — a patient monitor and a compatible central monitoring station. They decided to focus on possible vulnerabilities in the communication link between the monitor and the station.

The researchers set out to answer the question: “Is it possible in real time to modify a patient’s vitals being transmitted over the network?”

To conduct the testing, the researchers purchased an electrocardiogram simulator on eBay.

In the McAfee test bed, the patient monitor, central monitoring station, and a research computer were attached to a standard switch. The research computer was configured on a monitor port of the switch to sniff the traffic between the central monitoring device and the patient monitor. The ECG simulator was attached to the patient monitor.

The researchers used the Wireshark network protocol analyzer to watch the devices in action.

“For this attack to be viable, an attacker would need to be on the same network as the devices and have knowledge of the networking protocol. Any modifications made to patient data would need to be believable to medical professionals for there to be any impact,” one of the McAfee researchers, Douglas McKee, wrote in a blog post.

The McAfee researchers did not modify the patient monitor, which showed the true data. The researchers were able to demonstrate the possible impact of an attack, which could result in patients receiving the wrong medications, additional testing, and extended hospital stays, McKee related.

McKee explained that product vendors and medical facilities could take steps to reduce the threat of this type of attack. For example, vendors could encrypt network traffic between the devices and add authentication requirements. These steps would increase the difficulty of this type of attack.

Hospitals and other medical facilities could run this equipment on an isolated network with strict network-access controls. Then, attackers would require physical access to the network, reducing the attack surface, McKee related.

McAfee reported this research to the vendor whose products were tested.

According to a report issued earlier this year by McAfee Labs, healthcare saw a 47 percent jump in cyberattacks in the first quarter of 2018 compared with the fourth quarter of 2018. Healthcare was the most targeted sector in terms of the number of breaches in the 2017-2018 period, followed by the public sector and education.


Or go back to

Daniel Lucani

PhD at MIT. Author of 8 patents and applications on network coding. Tech expert 12+ years experience.