Hacking medical mannequins
Wed 2 Sep 2015
A team of researchers at the University of South Alabama is investigating potential breaches of medical devices used in training, taking the mannequin as its prime target in its scenario-based research.
Although the study, led by associate professor William Bradley Glisson, notes that there are currently no injuries or deaths associated with hacked medical equipment, it seeks to technically prepare against the growing threat of cyber intrusion in the arena. This includes training medical staff to recognise issues, and interpret and interact with flawed data effectively.
The computer scientists investigated the ease of compromising a training mannequin system, tampering with communication vulnerabilities identified between the device and its controlling computer.
The mannequin model used, named iStan, is one of the most advanced wireless patient simulator devices and is in use at the College of Nursing at the university. The device can bleed, secrete bodily fluids, has a blood pressure and heart rate, and breathes realistically. The simulator links with iStan software which controls the mannequin remotely by directing commands and inputs which represent real-life situations.
The test was carried out by undergraduate students with basic information technology and computer science backgrounds, showing the the relative lack of skill required to penetrate the mannequin system.
Identifying the network security solution and network protocol as the vulnerable components, the team was able to carry out brute force attacks against the router PIN, and denial of service (DDoS) attacks, using open source tools such as BackTrack.
The paper reads: ‘If medical training environments are breached, the long term ripple effect on the medical profession, potentially, impacts thousands of lives due to incorrect analysis of life threatening critical data by medical personnel.’
The researchers hope that the study will provide a foundation for further vulnerability assessment and intrusion testing of other manufacturers’ training mannequins, as well as medical wearable devices and implantable technology, such as pacemakers and defibrillators.