Study shows US medical record systems are vulnerable to hacking. Credit: Markus Spiske on Unsplash.

A research team comprising physicians and computer scientists from the University of California (UC) have demonstrated that hackers can easily modify medical test results by remotely gaining access to the connection between hospital laboratory devices and medical record systems.

Researchers cautioned that hackers may be able to debilitate the country’s medical infrastructure, and they may also target specific high-profile targets such as heads of state and celebrities.

Go deeper with GlobalData

Go deeper with GlobalData

The gold standard of business intelligence.

Find out more

Discover B2B Marketing That Performs

Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.

Find out more

The scientists used a man-in-the-middle attack to intercept and alter data transmitted from a laboratory information system to an electronic medical record system. Dubbed Pestilence, the attack will not be released to the general public as it solely meant for proof-of-concept.

“The scientists used a man-in-the-middle attack to intercept and alter data transmitted from a laboratory information system to an electronic medical record system.”

The report says that vulnerabilities arise from the standards used to transfer patient data within hospital networks such as Health Level Seven standards (HL7).

It is claimed that large amounts of patient data are being circulated in an insecure fashion as the standards are implemented on ageing medical equipment by personnel with little or no cybersecurity training.

To create the Pestilence tool, researchers combined their knowledge of computer science and clinicians to identify vulnerabilities and exploit them in the HL7 standard.

GlobalData Strategic Intelligence

US Tariffs are shifting - will you react or anticipate?

Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.

By GlobalData

UC Davis Medical Center anesthesiology resident Jeffrey Tully said: “As a physician, I aim to educate my colleagues that the implicit trust we place in the technologies and infrastructure we use to care for our patients may be misplaced, and that an awareness of and vigilance for these threat models is critical for the practice of medicine in the 21st century.”

To avoid such attacks, researchers suggested various countermeasures such as enhancing security practices, protecting medical record systems and medical devices using passwords.

Medical Device Network Excellence Awards - Nominations Closed

Nominations are now closed for the Medical Device Network Excellence Awards. A big thanks to all the organisations that entered – your response has been outstanding, showcasing exceptional innovation, leadership, and impact

Excellence in Action
HemoSonics has won the 2025 Marketing Award for its impactful promotion of theQuantra Hemostasis System and leadership in blood management education. See how targeted campaigns, thought leadership content, and hands on clinician training are accelerating Quantra’s market traction and shaping the future of hemostasis testing.

Discover the Impact