Study shows US medical record systems are vulnerable to hacking. Credit: Markus Spiske on Unsplash.

A research team comprising physicians and computer scientists from the University of California (UC) have demonstrated that hackers can easily modify medical test results by remotely gaining access to the connection between hospital laboratory devices and medical record systems.

Researchers cautioned that hackers may be able to debilitate the country’s medical infrastructure, and they may also target specific high-profile targets such as heads of state and celebrities.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

The scientists used a man-in-the-middle attack to intercept and alter data transmitted from a laboratory information system to an electronic medical record system. Dubbed Pestilence, the attack will not be released to the general public as it solely meant for proof-of-concept.

“The scientists used a man-in-the-middle attack to intercept and alter data transmitted from a laboratory information system to an electronic medical record system.”

The report says that vulnerabilities arise from the standards used to transfer patient data within hospital networks such as Health Level Seven standards (HL7).

It is claimed that large amounts of patient data are being circulated in an insecure fashion as the standards are implemented on ageing medical equipment by personnel with little or no cybersecurity training.

To create the Pestilence tool, researchers combined their knowledge of computer science and clinicians to identify vulnerabilities and exploit them in the HL7 standard.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

UC Davis Medical Center anesthesiology resident Jeffrey Tully said: “As a physician, I aim to educate my colleagues that the implicit trust we place in the technologies and infrastructure we use to care for our patients may be misplaced, and that an awareness of and vigilance for these threat models is critical for the practice of medicine in the 21st century.”

To avoid such attacks, researchers suggested various countermeasures such as enhancing security practices, protecting medical record systems and medical devices using passwords.