Research team hacks patient monitoring system, falsifies vital signs

A research team was able to successfully attack a patient monitoring system to emulate and modify vital signs in real-time. 

McAfee's Advanced Threat has been working to test and raise awareness about medical devices and their security, according to a report. For the experiment, the team decided to focus on bedside patient monitoring systems after a physician explained the importance of medical professionals having accurate data on vital signs. 

"Bedside patient monitors and related systems are key components that provide medical professionals with the vital signs they need to make decisions," the report said. 

Most bedside patient monitoring systems have two basic components: a bedside monitor and a central monitoring station. The central monitoring station collects vitals from multiple bedside monitors and allows a single physician to observe multiple patients.

The research team purchased a patient monitor and a compatible central monitoring station for the experiment. According to the report, the patient monitor observed the heartbeat, oxygen levels and blood pressure.

The central monitoring station ran on Windows XP Embedded. Both systems were produced around 2004 and are still in use at hospitals, according to the report. The team also used an electrocardiogram simulator to replicate vital signs.

The team targeted the networking of the devices, which passes information from the patient monitor to the central monitoring station. Following several tests, the team was able to successfully emulate the patient monitor.

They were also able to change real-time vital signs after successfully sending replacement data to the central station while appearing as the patient monitor.

"Although the monitor in the patient’s room is not directly affected, real-time modification is impactful, because medical professionals use these central stations to make critical decisions on a large number of patients—instead of visiting each room individually," the report said. "As long as the changes are believable, they will not always be verified."

Physicians said an attack that caused fake vitals could lead to longer hospital stays, more testing and side effects from additional medications prescribed.

The research team said vendors should encrypt network traffic between devices and add authentication to prevent this type of attack. They also suggested running medical equipment on a completely isolated network with strict network-access controls. 

"If medical facilities follow these recommendations, attackers would require physical access to the network, greatly helping to reduce the attack surface," the report said.
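The authentication recommendation above can be illustrated from the central station's side. The following is an added example, not code from the report or from any vendor: the frame layout, the names `seal`, `Station` and `demo`, and the pre-shared per-monitor key are all assumptions, and it covers message authentication and replay rejection only, not encryption.

```python
import hashlib
import hmac
import json
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def seal(key, monitor_id, seq, vitals):
    """Monitor side (hypothetical layout): 8-byte counter | JSON body | tag."""
    body = json.dumps({"id": monitor_id, "vitals": vitals}, sort_keys=True).encode()
    header = struct.pack(">Q", seq)  # the counter is covered by the tag
    return header + body + hmac.new(key, header + body, hashlib.sha256).digest()

class Station:
    """Central station side: check the tag first, then require a rising counter."""
    def __init__(self, keys):
        self.keys = keys      # monitor id -> pre-shared key (assumed provisioning)
        self.last_seq = {}    # monitor id -> highest counter accepted so far

    def accept(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return None
        signed, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        try:
            msg = json.loads(signed[8:])
            key = self.keys[msg["id"]]
        except (ValueError, KeyError, TypeError):
            return None       # malformed frame or unknown monitor
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None       # sender lacks the key, or data changed in transit
        (seq,) = struct.unpack(">Q", signed[:8])
        if seq <= self.last_seq.get(msg["id"], -1):
            return None       # an earlier genuine frame sent again
        self.last_seq[msg["id"]] = seq
        return msg["vitals"]

def demo():
    # Constructed sample data: key, monitor id and readings are made up.
    key = b"constructed-demo-key-not-for-use"
    station = Station({"bed-12": key})
    good = seal(key, "bed-12", 1, {"hr": 72, "spo2": 98})
    altered = good.replace(b'"hr": 72', b'"hr": 30')   # modified in transit
    emulated = seal(b"wrong-key", "bed-12", 2, {"hr": 0, "spo2": 98})
    return [station.accept(f) for f in (good, altered, emulated, good)]
```

Only the first frame in `demo()` is displayed; the altered, emulated and repeated frames are all dropped before any reading reaches the station's display logic.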