Grey’s Anatomy Hospital Hack: “It’s Getting Hot in Here…”


In its fall cliffhanger episode, ABC Television’s Grey’s Anatomy touched on a vital new issue in our world: cyber terror.

(Note: The following contains spoilers for the final episode of the season.)

The hospital is panicked as hackers demand millions in ransom to lower the heat. It is sheer pandemonium as a hacked heating, ventilation, and air conditioning (HVAC) system wreaks havoc on patients and staff alike.

The TV drama showcases a comedic series of events as characters deal with the “crisis of the hour.” Producers of the show manage to bring the issue to the small screen with a bit of a laugh; staff are able to open the locked door to the blood supply room by shocking the keypad with a defibrillator.

But the prospect of this happening in real life is a bit scarier.

Here’s the truth: the healthcare industry is vulnerable to attack. Many new devices used in healthcare are web-enabled — heart monitors, blood pressure meters, glucometers, and more.

The Internet of Things revolution has swept the medical field, bringing revolutionary new features to patients and healthcare professionals alike, not the least of which is the ability for doctors and nurses to continuously monitor patients and respond quickly when needed.

Unfortunately, web-enabled devices like these do not limit communication. “Web-enabled” means these devices can communicate worldwide. That’s right: computers, servers and databases, all that fancy new high-tech hospital equipment, can communicate around the world.

You might be asking: what about firewalls?

Aren’t these systems protected from hackers by firewalls? Yes, firewalls generally do a great job of keeping the majority of attackers out.

However, if hackers can get behind a firewall, they are free to connect to systems both inside and outside the network. They can look for vulnerable systems, offload data, or even open a channel for remote control, like the scenario in this episode of Grey’s Anatomy.

HOPZERO’s solution limits the distance that communication can travel between devices, like high-value databases, military servers, and hospital equipment — even the smart thermostat on your wall.

For example, health monitors and thermostats can be prevented from communicating outside the hospital, and a database can be made accessible only inside the data center, or even only within a single server rack.

This is not just Hollywood hype.

We recently found an HVAC system communicating around the world, as shown in our product assessment below. This HVAC system was located behind a firewall with direct access to all other systems in the data center.

Who was this server connecting with and why? Knowing with whom your systems are communicating is the first order of business. When “Where and with whom?” are known, you can begin to keep distant nefarious actors from exfiltrating your data or controlling your systems.
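One way to answer “Where and with whom?” for the device classes mentioned above, as an added example that is not HOPZERO’s code or assessment output: check each device’s flow records against the scope its class is allowed to reach. The scope networks, device names and flow records are constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed policy for this example: the networks each device class may talk to.
SCOPES = {
    "hvac": ["10.20.0.0/16"],            # hospital campus only
    "health-monitor": ["10.20.0.0/16"],  # hospital campus only
    "database": ["10.20.30.0/24"],       # data center only
}

# Constructed flow records: (device, device class, peer address, direction).
FLOWS = [
    ("hvac-01", "hvac", "10.20.5.1", "out"),
    ("hvac-01", "hvac", "203.0.113.45", "out"),
    ("hvac-01", "hvac", "198.51.100.7", "in"),
    ("hvac-01", "hvac", "2001:db8::15", "out"),
    ("monitor-07", "health-monitor", "10.20.8.20", "out"),
    ("db-02", "database", "10.20.30.11", "in"),
    ("db-02", "database", "10.20.5.10", "in"),
    ("cam-03", "camera", "10.20.9.9", "out"),
]


def out_of_scope_peers(flows, scopes):
    """Map each device to the sorted peers that fall outside its class's scope."""
    allowed = {cls: [ipaddress.ip_network(n) for n in nets]
               for cls, nets in scopes.items()}
    findings = defaultdict(set)
    for device, cls, peer, direction in flows:
        addr = ipaddress.ip_address(peer)
        # A class with no policy gets an empty scope, so every peer is reported.
        if not any(addr in net for net in allowed.get(cls, [])):
            findings[device].add((peer, direction))
    return {device: sorted(peers) for device, peers in findings.items()}


if __name__ == "__main__":
    for device, peers in out_of_scope_peers(FLOWS, SCOPES).items():
        for peer, direction in peers:
            print(f"{device}: {direction}bound flow with out-of-scope peer {peer}")
```

The database finding shows that a peer can be inside the hospital and still out of scope for a device limited to the data center.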

What do you think? Is it better to trust firewalls alone or to add constraints to keep your data under your control? Let us know in the comments below.

Note: Blue dots represent worldwide locations that were communicating with the HVAC system.



Bill Alderson is CEO and co-founder of HOPZERO. He has been involved with network security since 1980, when he began analyzing secure networks for Lockheed. Formerly Technology Officer of NetQoS/CA Technologies, he is a deep packet analyst and was an integral member of the 9/11 Pentagon restoral team. Alderson has trained over 50,000 network forensic professionals through his Certified NetAnalyst program and has assisted 75 Fortune 100 companies with network security needs. He was deployed six times with US Central Command to Iraq and Afghanistan to provide deep packet analysis for large-scale Department of Defense biometric network systems.