Full Disclosure mailing list archives
Re: Reliable reports on attacks on medical software and IT-systems available?
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 13 Aug 2010 09:53:46 -0400
On Wed, Aug 11, 2010 at 10:48 PM, <Caspian () random-interrupt org> wrote:
halfdog wrote:Paul Schmehl wrote:--On Tuesday, August 10, 2010 21:03:35 +0000 halfdog <me () halfdog net> wrote:
[SNIP]
* Medical personal in hospitals with high grade of IT-system usage are so trained and skilled, so that they detect manipulation and no harm is doneLaughable. Medical personnel wouldn't have a clue about whether their systems have been hacked. Their IT staff *might*.Most Radiology personnel would catch on to this pretty quickly- assuming it was meant to be a lethal attack. Pretty much any operator who has to train to the level these people do should be able to spot a lethal attack in progress, since the attack would cause the machine to behave erratically.
Like the Therac-25? "...it was involved with at least six accidents between 1985 and 1987, in which patients were given massive overdoses of radiation, approximately 100 times the intended dose... Three of the six patients died as a direct consequence....." ( (http://en.wikipedia.org/wiki/Therac-25). BTW, what is the difference in erratic behavior due to a software bug, and erratic behavior due to an attacker?
You need the equivalent of an associate's degree to be an x-ray tech where I am, at least, and I think it's the same for most of North America and Europe. Hospitals often have their own specialists who tend to train like pilots- a certain number of hours with a specific machine, and then retraining when it gets updated. IT staff are sometimes part of that group. [SNIP]
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Reliable reports on attacks on medical software and IT-systems available? halfdog (Aug 10)
- Re: Reliable reports on attacks on medical software and IT-systems available? halfdog (Aug 10)
- Re: Reliable reports on attacks on medical software and IT-systems available? Paul Schmehl (Aug 10)
- Re: Reliable reports on attacks on medical software and IT-systems available? halfdog (Aug 11)
- Re: Reliable reports on attacks on medical software and IT-systems available? Caspian (Aug 12)
- Re: Reliable reports on attacks on medical software and IT-systems available? Paul Schmehl (Aug 12)
- Re: Reliable reports on attacks on medical software and IT-systems available? Jeffrey Walton (Aug 13)
- Re: Reliable reports on attacks on medical software and IT-systems available? Paul Schmehl (Aug 10)
- Re: Reliable reports on attacks on medical software and IT-systems available? halfdog (Aug 10)
- Re: Reliable reports on attacks on medical software and IT-systems available? BMF (Aug 10)
- Re: Reliable reports on attacks on medical software and IT-systems available? Shawn Merdinger (Aug 25)