Hospitals Vulnerable to Attack; Focused on Wrong Assets

Security Firm Publishes Research Demonstrating Vulnerabilities, Solutions

Feb 23, 2016, 15:02 ET from Independent Security Evaluators

BALTIMORE, Feb. 23, 2016 /PRNewswire/ --  Independent Security Evaluators (ISE), the security consulting and research firm, has published a groundbreaking study that demonstrates security flaws to be pervasive within the healthcare industry. 

The research found that adversaries could deploy cyber attacks that result in physical harm to patients. 100% of the hospitals investigated all had very serious security issues, suggesting broader implications across the entire industry.  "The industry today is focused almost exclusively on protecting patient records," notes ISE founder Steve Bono. "We set out on this research to determine what are the threats to patients lives, and how realistic are those threats."  Bono explains the research impact, stating, "We found those threats to be very real, and worse still, the industry is ill-prepared to effectively deal with them."

Over the course of 24 months, the researchers investigated 12 healthcare facilities, 2 healthcare data facilities, 2 healthcare technology platforms, 2 active medical devices, and a host of other devices and applications.  The research proved that remote adversaries can deploy attacks that target and compromise patient health.  "Security vulnerabilities in healthcare are a result of systemic business failures," says Ted Harrington, Executive Partner at ISE and one of the leaders of the study.  "We found egregious business shortcomings in every hospital, including insufficient funding, insufficient staffing, insufficient training, lack of policy, lack of network awareness, and many more."

Along with the vulnerability findings, ISE also published a blueprint to help guide healthcare organizations towards a stronger security posture.  "We recognize the immense political, regulatory, and business challenges that hospitals face in the pursuit of their security mission," observes Geoff Gentry, Director of Healthcare for ISE and the lead driver of the study, "so we designed the blueprint to help healthcare organizations navigate that complexity. We are all patients, this affects us all; by publishing the solution and giving it away, we can drive change in this industry."

ISE's first presentation of the research will happen at RSA Conference USA in San Francisco, CA on March 1, 2016 and at HIMSS Annual Conference in Las Vegas, NV on March 2, 2016.  The complete source study can be found here:

About ISE
Founded in 2005 out of the PhD program at the Johns Hopkins' Information Security Institute, ISE is a security consulting firm comprised of hackers, computer scientists, reverse engineers, and cryptographers who help companies defend against sophisticated adversaries through manual, white box security assessments.  ISE is widely recognized as being the first company to hack the iPhone, and more recently for the discovery of the vulnerability epidemic in wireless routers.  ISE organizes popular hacking concept IoT Village.


Ted Harrington

Independent Security Evaluators


4901 Springarden Drive, #200

Baltimore, MD 21217 USA

SOURCE Independent Security Evaluators