Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Friday, April 29, 2022

A Little Levity With A Rather Serious Problem Underlying It!

This appeared last week.

Hospitals exposed to robot glitch

David Swan

10:46PM April 19, 2022

At least two Australian hospitals were using robots with security flaws that could have allowed hackers to spy on patients, tamper with medication or shut down hospital systems.

Cyber security researchers say the vulnerabilities, discovered overseas last week, affected Aethon TUG smart autonomous robots understood to be deployed in some Australian hospitals including the Royal Melbourne Hospital and Epworth in Richmond. The US’s Cybersecurity and Infrastructure Security Agency (CISA) warned last week that the bugs could allow hackers to take full control of robot functions or expose sensitive information.

The robots handle tasks including distributing medication, cleaning and transporting hospital supplies and use sensors, cameras and radio waves to avoid bumping into people and objects.

The technology that powers the robots and allows them to move throughout the hospital is also what made the vulnerabilities so dangerous, according to Asher Brass, an executive at cyber security start-up Cynerio and lead researcher on what has been dubbed JekyllBot: 5 vulnerabilities.

Mr Brass said the bugs were with the base servers used to control the robots, which could have allowed hackers to log in and remotely control the robots from afar, allowing them to potentially spy on patients or interfere with critical patient care.

According to Cynerio, some of the more severe attack scenarios ranked as high as a 9.8 CVE score, which is a measure out of 10 used to classify cyber security threats.

There was no evidence the vulnerabilities, which were in the Homebase Server’s JavaScript and API implementation, have been so far exploited.

More here:

https://www.theaustralian.com.au/business/technology/hospitals-exposed-to-robot-glitch/news-story/582101418ed345a856da54c934f48210

There is also international coverage:

Cybersecurity Company Finds Vulnerabilities in Hospital Robots

Analysis  |  By Eric Wicklund  |   April 21, 2022

The vulnerabilities were found in the Aethon TUG smart autonomous robot, which is used by hundreds of health systems to ferry medications and other supplies throughout the hospital. 

An autonomous robot commonly used in hospitals to transport medication and other supplies from room to room could be hacked and used to spy on patients and staff, according to a New York-based healthcare IoT security company.

Cynerio announced earlier this month that its researchers had discovered five vulnerabilities in the innards of the Aethon TUG smart autonomous robot, which is used in hundreds of healthcare sites around the world.

Robots like the Aethon TUG are used by hospitals to do light housekeeping and ferry items from one place to another, relying on radio waves, sensors and other technology to open doors, take elevators and maneuver through hallways without hitting anything. More advanced telepresence robots are being used to connect care providers in other locations with patients in their rooms or the Emergency Department and even perform some guided surgeries.

Collectively called the JekyllBot:5, the malware was found in the TUG Homebase Server’s JavaScript and API platforms, as well as a WebSocket that is used to relay commands from the server to the robot. According to a Cynerio press release, these vulnerabilities could:

· Disrupt or impede the timely delivery of medications and lab samples;

· Shut down or obstruct hospital elevators and door locking systems;

· Monitor or even take videos and pictures of patients, staff, and hospital interiors, as well as sensitive patient medical records;

· Control the robots to allow them to access restricted areas, interact with patients or crash into staff, visitors, and equipment; and

· Hijack administrative user sessions in the robots’ online portal and inject malware through their browser to enable future cyberattacks on IT and security team members at healthcare facilities.

More here:

https://www.healthleadersmedia.com/technology/cybersecurity-company-finds-vulnerabilities-hospital-robots

The fun for me came with the malware name ‘JekyllBot.5’ or maybe ‘JerkyBot’ with a shaking robot!

The serious message is just how many vulnerabilities there are out there with internet-connected devices and how frequently they seem to be attacked.

There is a real need for the providers of these devices to do a good deal more to protect them against attack.

I note, in passing, how many of these robots are deployed. They must be useful and cost-effective compared with humans. I was not aware of all this happening so fast! I clearly must get out more!

David.

 

1 comment:

Anonymous said...

If they can't get the security right, what else might they have stuffed up?