News
Security Vulnerabilities uncovered in Hospital Information Systems
In a study commissioned by the German Federal Office for Information Security (BSI), ATHENE researchers at Fraunhofer SIT identified significant security vulnerabilities in widely used hospital information systems (HIS). The vulnerabilities were found in the areas of data transmission, access management, and the distribution of software updates, and could have serious consequences for clinical care if successfully exploited.
As part of a comprehensive penetration test, two of the most commonly used HIS systems were examined, and the security vulnerabilities identified were communicated to the manufacturers in accordance with the Coordinated Vulnerability Disclosure process. The manufacturers concerned responded cooperatively and promptly implemented appropriate security measures, resulting in a significant improvement in security for hospitals that use the systems and have installed the updates provided. Based on the findings of the investigation, specific recommendations for action were also developed for HIS manufacturers and hospital operators, with the aim of improving overall IT security in the healthcare sector.
The complete study results and the recommendations for action will be presented at DMEA, Europe's leading event for digital health, on April 9 and 10 in Berlin, and can be viewed on the BSI website.
show all news