In a modern hospital with a complex technological network, building control systems (BCS) are able to oversee and automate many functions. BCS can monitor and adjust environmental controls such as lighting, temperature, pressurization, humidity, and life support systems. Nurses can use BCS to keep maintain the bed and patient tracking along with vitals through connected machines. Aspects such as ventilation and pressurization are critical for disease control.
BCS is vital for security as well, managing restricted areas, alarms, elevators, and key card entrances – providing digital notifications in cases of intrusion. Furthermore, in the context of contemporary care where patient satisfaction is paramount, BCS can be integrated into media and communication technologies to ensure a patient has access to everything they need. When performing these numerous tasks, BCS collects a significant amount of data on the building, staff, and patients which are stored and analyzed (Prudenzi, Fioravanti, & Regoli, 2018).
Hacking into the hospital BCS is done via social hacking or through phishing. Once a hacker gains administrative access, they may choose to control a wide variety of devices. For example, there was an instance where all life support devices were paralyzed by a virus, resulting in the hospital turning patients away. A hacker may choose to control various building life support and security systems, creating panic or terror. However, most hackers choose to access valuable IT and personal data information collected and stored in the BCS servers.
Various sensitive data ranging from patient’s and staff’s personal information such as Social Security numbers to health-related data that can be sold and used for blackmail by sinister parties (Gabriel, Noblin, Rutherford, Walden, & Cortelyou-Ward, 2018). Hackers are increasingly targeting medical institutions because they are vulnerable and highly lucrative. Despite having such widespread automated and Smart networks the likes of BCS, healthcare facilities often have slowly updated systems with wide-open vulnerabilities and do not have the ability to limit access points.
Meanwhile, the hacking of a hospital can be lucrative due to the sensitive health information which can be held ransom or sold to third parties on the dark web, commonly being more valuable than any credit card information.
Gabriel, M.H., Noblin, A., & Rutherford, A., Walden, A., & Cortelyou-Ward, K. (2018). Data breach locations, types, and associated characteristics among US hospitals. The American Journal of Managed Care, 24(2), 78-84.
Prudenzi, A., Fioravanti, A., & Regoli, M. (2018). A low-cost internet of things integration platform for a centralized supervising system of building technology systems in hospitals. In 2018 IEEE international conference on environment and electrical engineering and 2018 IEEE industrial and commercial power systems Europe (pp. 1-6). Palermo, Italy: Department of Education.