Medical imaging machines running outdated software like Windows 2000 can give hackers control of sensitive patient information that can cost hospitals millions of dollars in ransom, according to an industry report. Cyberterrorists who gain entry to hospitals and their networks can easily connect to ultrasound imaging devices running old software that are often used to monitor pregnancies and other conditions, security specialist Check Point Software Technologies said. From there, gaining access to personal details and images is simple, the report said.
Attacks like the 2017 WannaCry ransomware virus that hit computers in at at least 100 countries spurred Check Point to investigate hackers’ potential techniques. That virus spread mainly through programs that lacked recent security updates, and cost the U.K.’s National Health Service alone some 92 million pounds ($104 million) in lost output and information technology costs, according to a report last year from the Department of Health & Social Care.
“We wanted to show how this could happen,” said Gil Messing, a spokesman for Check Point, emphasizing that the issue was not with the devices or the manufacturers but with the outdated software.
Vulnerability can stem from health devices running on software so old that there are no patches or updates, the report said. Hospitals often don’t want to take costly machines off-line for an upgrade that takes time, loses patients and costs money, Check Point researchers said. Solutions to include better encryption of the files, employment of more advanced, comprehensive security solutions, and separating patient data from IT networks, Check Point said in a blog post.