We’re witnessing an unprecedented surge in the number of people infected by COVID-19 during what will probably be coined the most notorious pandemic of the modern era. And with the numbers going up every day, this pandemic is far from being over.
Due to the high rate of infection, hospitals all over the world are being flooded with new patients ranging from light cases of fever to life-threatening respiratory complications. Given that the health systems in most countries are usually quite strained under normal circumstances, it’s easy to understand why some of them are experiencing nothing less than all-out emergency. Hospitals are well over capacity; the medical staff is collapsing under the sheer amount of work and some facilities are experiencing extreme shortages of medical supplies.
Amid all this crudely orchestrated chaos, there is one common denominator among all the countries dealing with this catastrophe of epic proportion – technology. Some are using specially developed apps in order to address the need for surveillance and ensure containment of an ever-growing infected population. Others are building ad hoc ICUs, which are monitoring their isolated patients with an array of cameras, and others still are controlling and managing their medical equipment remotely.
In this era of ever-expanding technological capabilities, steps like these are overwhelmingly welcomed. While many see these advancements as timely blessings in a time of crisis, they are, in fact, potentially ticking time bombs awaiting malicious exploitation by mal-intentioned individuals and organizations.
It comes as no surprise that remotely managed interfaces have been exploited since their inception. Malicious players have been targeting cameras and control interfaces as far back as the time they were introduced to the internet, and even before that. A fact well known to the cyber-security community, but of which the general population is quite oblivious, is that medical equipment, while highly effective and useful, is usually built without any security considerations in mind.
In order to vividly illustrate this point and make it painfully clear just how dangerous this is, I will share a personal anecdote. I was once assigned the task of infiltrating a management interface which oversaw the flow of medicine into multiple patients’ IVs. It took no more than an internet browser, such as Internet Explorer, and a minute and a half of my time to gain complete control over the entire interface. To put it bluntly, this gave me the ability to kill all those whose IVs were managed by that same interface.
Black hat hackers, the malevolent counterparts of white hat hackers, are always on the lookout for ways to make easy money, achieve fame or make an impact in ways which coincide with their personal or group ideology. In a world in which security standards are constantly and consistently heightened, they must find increasingly ingenious ways to fulfill their goals. It is of no surprise that banks are common targets, as they provide a seemingly inexhaustible source of money. Conversely, it is a lesser known fact that hospitals see their fair share of cyber-crimes. Shameless hackers usually target them for their information. The medical records in their possession can be sold for sums of money ranging from mere pennies to several dollars and even hundreds of dollars per record!
Financial institutions, tech startups and the like, tend to shell out enormous amounts of money on their security; money that businesses and institutions that are less technologically oriented, such as hospitals, tend to allocate to departments where the funds are more needed. Any surplus in the budget could be spent on better equipment, higher compensation for the staff and other comparable necessities. Consequentially, just like their purposely tasked equipment, hospitals tend to be on the lower end of the security spectrum, relatively speaking. Expectedly, when the walls are low and the rewards tempting, it is no wonder that many heinous players seek to exploit and subsequently profit.
Nowadays, while COVID-19 runs amok, the technological solutions that are being spearheaded by governments and health organizations – now, more than ever – act as lethal double-edged swords. On one hand, while they allow for a better response to and control over this rapidly growing pandemic, they serve as low hanging and highly valued fruit for the taking. The applications that are used to track and manage the containment of civilian populations can be hacked into and have their information stolen. Hackers can obtain personal information of millions of people if they manage to gain access to the underlying databases and servers. Furthermore, and alarmingly so, there is the possibility for hackers to gain access to the cameras and monitors of patients that are stationed in the newly constructed and hastily prepared ICUs. Access to cameras would allow hackers to spy on the hospitalized patients, eliminating all privacy, or worse, prevent hospital staff from seeing the patients – a potentially lethal possibility in the probable case of complications. Worst of all is the scenario in which medical equipment is compromised; hackers can then kill with a literal press of a button.
In my humble and personal opinion, I fear that it is only a matter of time before we see the consequences of this hastily made “great leap forward” in the use of technology for surveillance and management of civilians and patients. Now, more than ever, there is a need to improve the security standards of crucial cornerstones of society which now, twice-over, include our hospitals and their improvised extensions. We must elevate hospitals’ security standards by testing them frequently and consistently in order to preserve not only our privacy, but our lives.