Security News > 2020 > January > Malware Infects Small Hospital's Medical Imaging Server

A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes.

While Roosevelt General says in its statement that the malware infecting a digital imaging server did not affect EHRs, the risk of medical device security incidents also affecting records systems is a growing worry, some experts say.

"The interplay between medical devices and electronic heath records creates a vulnerable threat surface that will only increase over time," says Kevin Fu, a professor at the University of Michigan and founder and chief scientist of its Archimedes Center for Medical Device Security.

"There are times when a desktop is a desktop and there are times when it is a 'medical device.' Same with servers - if it is only 'serving' medical devices, clinical engineering may not want IT to touch it or IT may not want to touch but it really still another server. It may have been part of a purchase of imaging devices, so it goes undetected by purchasing or IT as a 'server'."

"Understand that medical devices represent a real threat to the providers' operations and patient safety. Providers should validate that they have an accurate inventory - including information specific to medical devices, not just a standard IT inventory. And the medical device management process should be tightly integrated with the IT and/or security department so that compensating security controls can be implemented if the devices, themselves, cannot be secured."

News URL

https://www.inforisktoday.com/malware-infects-small-hospitals-medical-imaging-server-a-13577