In the fall of 2013, Billy Rios flew from his home in California to Rochester, Minnesota, to a mission at the Mayo Clinic, the world's largest non-profit, general medical facility. Rios is a "white hat" hacker, meaning that customers hire people like him to hack into their computer systems. His client list includes the Pentagon, major defense contractors, Microsoft, Google and other names that he could not easily disclose. He played with weapons systems, aircraft parts and even power grids, invading the network of Washington's largest utility area, showing officials how they can improve public safety. In contrast, the Mayo Clinic's mission is much flatter. He suspects that he only has to do some routine work to find loopholes, and that he can work alone in a clean and quiet room for a week.
But when he arrived here, he was surprised to find that the conference room was full of familiar faces. The Mayo Clinic has assembled an all-star lineup of about a dozen computer geeks, investigators from some of the country's largest cybersecurity companies, and Black Hat Technology and the annual hacking conference (Def Con). The type of hacker who was shocked at this type of conference. The researchers were divided into groups and hospital administrators placed about 40 different medical devices in front of them. Do everything you can to destroy and make all the hacking methods to attack them - this is the instruction that the researchers received.
Today's medical devices are networked, like laptops and smartphones, which run standard operating systems and live on the Internet. Like other components of the Internet of Things, including car and garden sprinklers, they are connected to the server and many devices can be remotely controlled. For Rios, one thing that became apparent was that hospital managers did have many reasons to worry about hackers.
Rios said: "Every day, the scene is like every piece of equipment on the menu is crushed. The situation is very bad." These working groups did not have time to delve into the weaknesses of the devices they found. This is partly because they have found too many of these problems—unprotected operating systems, universal passwords that cannot be changed, and so on.
The Mayo Clinic, which found problems from the intrusion of these white-hat hackers, introduced new security requirements to its medical device suppliers, requiring each device to be tested before signing a purchase contract to ensure they meet the standards. Rios expressed his appreciation for the hospital's actions, but he knew that only a handful of hospitals had enough resources and influence to do this, and he was already convinced when he completed the work: the hospital will sooner or later If you are hacked, you will be hurt. Because of his professional relationships, he gained the privilege of diving into sensitive industries, and hospitals seem to be at least 10 years behind standard safety standards. Rios said: "Someone will take further action. As long as someone starts to try, they can do this. The only way to stop them from starting is to expect them to discover with their conscience."
Rios is 37 years old. He played for the US Marine Corps and participated in the Iraq war. During his service with the Marine Corps, Rios worked for the Signal Intelligence Department and later made an errand at the US Department of Defense Information Systems. His home office was crowded with computers, a welding machine and a lot of medical equipment.
Shortly after completing his work at the Mayo Clinic, Rios ordered his first medical device, a Symbiq infusion pump made by Hospira. He didn't deliberately investigate a particular manufacturer or product model; he just happened to see a device on eBay that sold for about $100. Is it legal to buy such a device without some permission? He is confused.
Infusion pumps are almost always visible in every ward, usually they are attached to a metal frame beside the patient's bed, automatically injecting intravenous infusions, injectable drugs or other fluids into the patient's bloodstream. Hospira was acquired by Pfizer in 2015, which dominates the infusion pump market. On the company's website, an article explains that this "intelligent infusion pump" aims to improve patient safety by automating intravenous drug delivery. The article said that improper infusion accounted for 56% of all medication errors.
Rios connected the purchased infusion pump to the network and found that remote control of the device and "press" the button on the touch screen can be done, just like someone is actually operating in front of the device. The instrument can be set to input the entire vial into the patient. He said that if a doctor or nurse is standing in front of the instrument, it may be found that the device is remotely controlled, and this input can be stopped before the entire bottle of water drops. However, if the hospital staff is responsible for looking after the infusion pump at the centralized monitoring station, it will not Notice this.
In the spring of 2014, Rios finalized his findings and sent them to the Industrial Control Systems Network Emergency Response Team (ICS-CERT) under the US Department of Homeland Security. He listed the weaknesses he found and suggested that Hospira conduct further analysis to answer two questions: Is there the same vulnerability issue in other Hospira devices? What are the potential consequences of this vulnerability? The US Department of Homeland Security turned to the US Food and Drug Administration (FDA), which transferred the report to Hospira. A few months later, Rios did not receive any response. Rios said: "The FDA seems to wait until someone is killed. "Okay, yes, this is a problem we need to worry about."
We're Professional Supplier Extract Powder manufacturers and suppliers in China specialized in providing high-quality products at low price. We warmly welcome you to buy or wholesale bulk Supplier Extract Powder for sale here from our factory. For a free sample, contact us now.
Supplier Extract Powder,Supplier Extract ,Supplier Powder Manufacturer in China
Shaanxi Kang New Pharmaceutical co., Ltd. , https://www.bio-pharmacies.com