Monday, May 16, 2022
UniqPaid - online rewards program

Hackers ‘could target anaesthetic devices’

Anaesthetic machines that have been used by NHS hospitals could be hacked and controlled from afar, a cyber-security company says. A successful attacker would be able to change the levels of anaesthetic and oxygen, among other gases, delivered to a patient, CyberMDX said. Alarms designed to alert anaesthetists to any danger could also be silenced. GE Healthcare, which makes the machines, said there was no “direct patient risk”. But CyberMDX’s research suggested the Aespire and Aestiva 7100 and 7900 devices could be targeted by hackers if left accessible on hospital computer networks.

And analysis by BBC News found multiple references online to the Aespire and Aestiva machines being used in NHS Hospitals. This included a document from Nottingham University Hospitals NHS Trust dated July 2018, which said the anaesthetic machines “in common usage” at the trust included the GE Aestiva 7100 and GE Aestiva 7900. NHS Digital said it could not confirm the extent to which the machines were still in use across the NHS. “We are currently assessing the volume of these particular anaesthetic machines in use across England and we will be sharing any subsequent advice with trusts in the coming days,” a spokeswoman said.

  • Security warning over hospital syringe pumps
  • Computer virus alters cancer scan images

Elad Luz, head of research at CyberMDX, said he was aware of hospitals in the US and Asia that also used the devices. GE Healthcare said it was satisfied a cyber-attack would “not introduce clinical hazard or patient risk”. It said this was because anaesthetic devices were “attended” by anaesthetists and would be monitored for any errors. The company told BBC News it did not plan to release any security updates for the anaesthetic machines but hospitals should use secure network protocols to protect them from would-be hackers.

Cyber-security expert Ken Munro agreed that medical devices should be isolated within computer networks but added: “It’s not, frankly, the case in many hospital networks.” And he said GE Healthcare should bear some responsibility for the issue. “GE absolutely have a part to play in this and they absolutely should be building devices with strong security,” Mr Munro added.

GE Healthcare has responded to the reports of a problem with its machines

A malicious hacker may try to gain access to a hospital’s network, locate one of the machines and then adjust its settings, said Prof Harold Thimbleby, an expert in medical device cyber-security, at Swansea University. And he gave the example of WannaCry, a ransomware outbreak that spread through NHS computer networks in 2017, to illustrate how an attack could unfold. “As with WannaCry, a phishing attack can gain access and then an attacker can do what they like,” he told BBC News.

“Given the worldwide profile of WannaCry, it is amazing vulnerabilities like this are still around.” A spokeswoman for the the UK’s Medicines and Healthcare products Regulatory Agency said reports of the cyber-security vulnerability were now part of an “ongoing area of investigation”. “Patient safety is our highest priority and where necessary we will take action to protect public health,” she added. The US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published an advisory notice about the security issue.

More from author

Taiwanese President Visits Allies

Taiwanese President Tsai Ing-wen leaves for a 12-day visit to four Caribbean allies. The trip will also include a...

Movie of the week: Maleficent Mistress of Evil

Maleficent travels to a grand old castle to celebrate young Aurora's upcoming wedding to Prince Phillip....

China warns Hong Kong protesters not to ‘play with fire

China has issued a strong warning to Hong Kong's protesters, saying their attempts "to play with fire...

Pregnant Jemma Lucy’s ‘irresponsible’ Instagram post banned

An Instagram post by reality star Jemma Lucy has been banned by the Advertising Standards Authority (ASA)....


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trends Now

Impeachment: Donald Trump and Lev Parnas

President Donald Trump and aides sought Thursday to distance him from a Soviet-born businessman who said Trump knew all about efforts to pressure Ukraine into...

Italy PM Conte vows more united Italy as Salvini leaves power

Caretaker Prime Minister Giuseppe Conte has accepted a mandate to form a new coalition with a vow to lead a "more united, inclusive" Italy,...


Health insurance is a type of insurance which covers the whole or part of a person’s incurring medical expenses and spreading this risk over a large...

South Korea Releases Official Guidelines for Cryptocurrency

Bitcoin is a cryptocurrency and worldwide payment system. It is the first decentralized digital currency, as the system works without a central bank or...
%d bloggers like this: