Nurses and Cyber Security: What You Need to Know

Laura A. Stokowski, RN, MS; Satish M. Mahajan, PhD, MStat, MEng, RN


June 16, 2016

Getting In

Medscape: How do hackers typically get into the healthcare network in the first place?

Dr Mahajan: Most hacking involves exploitation of vulnerabilities, of which there are many. Hackers are on the lookout for these vulnerabilities. One type of attack is when the user (employee) goes and seeks some information on the Internet: The user goes to a specific website and downloads something from that website that harbors what we call a "malicious payload," which is then installed on the user's machine. From there, it spreads.

Another method is when the hacker is pushing something directly to the user, typically through email. We get hundreds of emails from all sorts of sources almost on a daily basis. In this case, something comes in as an attachment to the email. If you click on that attachment, then programs are downloaded and executed.

Sophisticated hackers often take another route. They are looking for the public systems on the periphery of the organization—Web or communications servers that are open to the public. They scan the network ports on those systems. If they find an open port, they write a program to push something through that port into the gateway server. From there, it is executed and malicious code is spread to the internal network.

When the goal is identity theft, one method of acquiring information is through social engineering. For example, the hacker might strike up a casual conversation with a hospital staff member, either on the phone or in person, to find out an entry point (such as an email address) into hospital operations or patient details. Hospital staff members are more vulnerable to such scenarios because patients come and go on a daily basis, phone calls seeking information are frequent, and staff are used to talking to strangers. In a hurry, they might answer a question before it occurs to them to verify who they are speaking to. It is important for staff to be able to distinguish between a genuine situation related to a patient enquiry and an attempt to get exploitable information that may permit entry into hospital operations.

Medscape: Are clinical Internet-connected devices used for patient care (eg, monitors, infusion pumps, ventilators) vulnerable to security breaches? How does this happen—what are the consequences of hacking devices, and what should facilities and their staff do to protect them?

Dr Mahajan: Most, but not all, clinical and patient care devices are Internet-connected these days. Server-side (where devices are connected at the other end) security and use of encrypted communications are important product design considerations. The onus of fortifying against vulnerabilities largely rests with the vendors of such devices.

Devices are typically located (or supposed to be located) on the secure parts of the healthcare network. Biomedical departments are generally responsible for installation, configuration, and maintenance of such devices, and they should give careful consideration to the security aspect of patient care devices—they should discuss with and follow recommendations from the vendors when deploying the devices in operations. The healthcare workers have very little control over these vulnerabilities, but they need to cooperate in installation, simulation, and testing of the devices to do their part in mitigating device security breaches.

