Hacking into medical devices: How your medical records could be at risk

HARRISBURG, Pa. -- Hackers gaining access to your credit card information could be the least of your problems.

And those hackers are constantly finding new ways to hack into evolving technology, and now they can even get access to your medical records.

Some medical devices like MRI scanners and pulse monitors are now connected to the internet at hospitals and doctor's offices, which leaves them vulnerable to hackers.

Andrew Hacker, a cybersecurity expert with Harrisburg University, said, "If these devices aren't secure, then hackers can actually get into those devices and use those as a launch point to get to the more valuable data, such as databases that contain all these medical records."

The personal and credit card information for millions of people was exposed after the Equifax data breach. And that credit card information used to be the biggest target for hackers.

Hacker said, "Now, since they can change them over so quickly and you can get issued a new one, they don't have as much value to the bad guys as they used to."

But with a change in technology, comes a risk that hackers can access more personal information from your medical records.

"You can't just roll over and get a new social security number like you do a credit card. So medical records tend to be a lot more valuable than financial records let's say," Hacker said.

Anything from what tests you've had done, to your health status could be breached from those records.

"So getting access to them and sharing them and selling them is actually big business these days," he said.

Those hackers could even get into something as personal as a pacemaker.

Hacker said, "The impact of somebody breaking into a device like that is obviously a lot higher because then it could actually directly affect someone's health if you're changing what that pacemaker is doing, it's very serious."

Experts at places like Harrisburg University are currently working to make sure health information is automatically secure, whether it's in a device or in a database.