When Hacking Turns Deadly

May 19, 2014 by InTouch Health

If you think that Target and other retailers are easy pickings for hackers, they’re like a digital Fort Knox compared to your average U.S. hospital.

Wired magazine recently reported on a two-year study that shows how ridiculously easy it is to hack hospital devices. Scott Erven, head of information security for Essentia Health, was allowed to roam several large hospitals in the Midwest looking for security weaknesses that might attract hackers. 

What Erven uncovered is truly a horror show:

  • Drug infusion pumps that can be remotely manipulated to change dosages
  • Lax security on Bluetooth-enabled defibrillators that can be hijacked to shock those who don’t need it (and fail to shock those who do)
  • Unprotected medical records that can be remotely altered so that a doctor prescribes the wrong care or medication

This highlights why hospitals – now more than ever – should work with tech-savvy partners like those in telemedicine, who understand the world of AES 256 encryption, FDA Class II clearance, and the latest HIPAA rules regarding security and privacy.

Most hospital leaders aren’t aware that the maximum fine for a HIPAA security violation involving willful neglect has recently risen from $25,000 to an astounding $1.5 million. And a single data breach typically involves multiple HIPAA violations.

We’re learning the hard way that https:// sites aren’t as secure as we once thought – and hackers worldwide are working diligently to perfect the next Heartbleed-style onslaught.

Telemedicine companies are at the forefront of making data transfer standards like HL7 and SIP less vulnerable to digital intruders. A telemedicine network has plenty of security safeguards. That’s often not the case with the defibrillator down the hall.