Hospital Robot Investigation Reveals Potential Cybersecurity Risks
Increasing use of autonomous robotics in hospital and patient care environments means more careful examination of security risks - and immediate measures to patch vulnerabilities when detected.
With the onset of the COVID-19 pandemic came increasing pressure for hospital staff. Several companies were able to provide autonomous mobile robots intended for nonsurgical tasks in order to reduce the load on nurses and hospital staff. These robots were also used to reduce exposure to the disease, helping to reduce further infection risk for hospital workers and patients. The growing use of robotics in hospitals has led to some discussion regarding their role in human healthcare.
Cybersecurity is a critical part of any product or process with access to a remote control system - even if the control system isn’t connected to the internet. Image used courtesy of Canva
Cynerio, a cybersecurity company providing IoT solutions particularly for the healthcare industry, has recently shown several weak points in cyber security regarding autonomous robotics in hospitals. They were able to show five different ways that Aethon robots could be hacked and controlled. In some cases, the robots were able to be hacked remotely over the internet. Aethon has fixed the bugs in their robots with a software update immediately after Cynerio informed them about the security issues.
At this time, no information is available that indicates there were actually cases of malicious hacking, but potential vulnerabilities must always be addressed right away.
Bypassing Cybersecurity in the Hospital
The work done by Cynerio showed several different ways that autonomous robots could be hacked and used in ways they were not intended. The robots that underwent the test are the workhorses of the hospital, carrying different drugs and supplies throughout the hospital. These robots often have clearance into secure areas and the hackers were able to gain access to these security areas via the robots. The cameras on the robots gave visible access inside patients' rooms, and could leak private information if such was available to the field of view of the cameras.
Aethon’s TUG robot for carrying a payload. Aethon was quick to address security flaws upon discovery. Image used courtesy of Aethon
Asher Brass, the lead researcher on the Aethon vulnerabilities, warned that the flaws required a “very low skill set for exploitation.” They were able to control the robots in some cases by bypassing the admin password using a guest account. With a joystick device they were able to control the robots to move through hallways, open medication drawers, and potentially spy on patients and internal healthcare processes.
The robots themselves were not the weak link in the system, but the servers used to control the robots. Since the problem was mainly isolated to the base servers, gaining access to the robots was usually limited to local access, meaning the hacker must be physically located and connected with the local hospital network. They were able to gain remote access on some systems, however, if the server was connected to the internet.
Industry-Wide Cyber Security
Although in this particular instance the robots being targeted were in the healthcare system, it should be eye-opening to companies who use autonomous robots for any sort of daily task. Autonomous robots are used in many different industries, such as distribution centers and warehouses for product storage and retrieval.
Manufacturers should take note of the recent security breaches in healthcare robotics and make sure their systems are protected. Although the stakes for human injury might be lower in a manufacturing or logistics situation compared to patient care, hacked robots could create major problems. With cloud-based systems, robots could be hacked from the internet anywhere in the world.
Autonomous mobile robots are used in all kinds of industries, and security flaws should never be taken lightly. Image used courtesy of Canva
Robots are continuously becoming more prevalent in our world. From our hospitals to our warehouses, autonomous robots hold a big role in the success of many of our industries. Cybersecurity may become much more pressing if companies don't take proper precautions to keep their robotic fleets from being hacked. Hacked robots have the potential to see secret information or gain access to places with high levels of security.