Vulnerabilities in the Medical IT Infrastructure
Serious security vulnerabilities in the medical sector. Hospitals are increasingly falling victim to cyberattacks.
Christoph Saatjohann, a doctoral student in the IT security lab at Münster University of Applied Sciences, is investigating how the more than 200,000 medical facilities in Germany can be better protected. He has already warned several times about serious security gaps in the medical sector. They simulated a hacker attack and in several cases would have been able to access sensitive patient files without password protection. Secure end-to-end encryption is still not guaranteed on many communication channels, he said. “Sending plain-text e-mails with sensitive data without encryption – that doesn’t work,” warns the IT security expert. ” Today, even a fax is no longer data protection-compliant, since it is no longer sent in analog form, as it used to be, but via the Internet.”
Error-prone connectors
In their investigation, the researchers also found that the telematics infrastructure (TI) was prone to errors if the so-called TI connector, the central device for secure network access, was mishandled. “There were two potential security vulnerabilities at the time: one was when the practice network was configured incorrectly, and the other was when it was connected to a central data center,” Saatjohann explains. It is important, he says, that practices take the issue of IT security seriously and ask experts to set up and maintain the TI connectors.
Last year, Saatjohann and Endres Puschner, a doctoral student at the Max Planck Institute for Security and Privacy in Bochum, Germany, conducted a study to show how secure or rather insecure technology is at its heart. The security researchers analyzed programmers and telemonitoring devices used to program and monitor implantable pacemakers, cardioverter defibrillators and cardiac monitors. Through the gaps they uncovered, harm could be done directly or indirectly to individual, selected people.