By Alexandra Thompson Senior Health Reporter For Mailonline
Published: 14:19 BST, 17 June 2019 | Updated: 14:20 BST, 17 June 2019
View
comments
Cybercriminals could hack into medical devices used in NHS hospitals, security specialists have warned.
The US-based cybersecurity firm CyberMDX lifted the lid on security flaws in hospital wards' workstations which are connected to the internet.
NHS trusts have been warned hackers could gain access to medical software that would enable them to control and cut off IV pumps.
This could lead to 'catastrophic' consequences if they were to block the delivery of chemotherapy drugs or tamper with insulin doses, one expert said.
Concerns over the security of NHS computer systems have been rife ever since more than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack in May 2017 (Pictured: The ransom screen used in the WannaCry attack)
Jon Rabinowitz, vice president of marketing at CyberMDX in New York, wrote in a blog post: 'An attack of this sort can allow an attacker to disable the workstation.
'[And] disrupt the flow of electricity to care-critical infusion pumps, falsify pump status information (vital for the nursing staff) and in some cases even alter drug delivery.
'In other words, if compromised, these simple mounting poles can potentially harm patients.'
The machines are electronic and connected to both nurses' computers and to IV drips hooked up to patients.
Vital medicines such as chemotherapy drugs and insulin for diabetic patients may be administered through the machines, which control the dose, timing and speed of injection.
Cybercriminals do not appear to have gained access to any NHS devices so far.
More than a third of hospital trusts had their systems crippled in the WannaCry ransomware attack in May 2017.
Nearly 20,000 hospital appointments were cancelled because the NHS failed to provide basic security against cyber attackers.
NHS officials said 47 trusts had been affected – but the National Audit Office (NAO) found that the impact was far greater, and in fact 81 were hit by the attack.
When the attack came on May 12 it ripped through the out-of-date defences used by the NHS.
The virus spread via email, locking staff out of their computers and demanding £230 to release the files on each employee account.
Hospital staff reported seeing computers go down 'one by one' as the attack took hold. Doctors and nurses were locked out, meaning they had to rely on pen
