How unsecured, obsolete medical record systems and medical devices put patient lives at risk

A team of physicians and computer scientists at the University of California has shown that it is easy to modify medical test results remotely by attacking the connection between hospital laboratory devices and medical record systems. These types of attacks might be more likely used against high-profile targets, such as heads of state and celebrities, than against the general public. But they could also be used by a nation-state to cripple the United States' medical infrastructure. The researchers from UC San Diego and UC Davis detailed their findings Aug. 9 at the Black Hat 2018 conference in Las Vegas, where they staged a demonstration of the attack. Dubbed Pestilence, the attack is solely proof-of-concept and will not be released to the general public. While the vulnerabilities the researchers exploited are not new, this is the first time that a research team has shown how they could be exploited to compromise patient health.