These days, technology is continually evolving—and as technology moves forward, so do the techniques hackers use to disable or infect it. At first, these techniques were mostly annoying, but as the world becomes increasingly dependent on computers and the related tools, hackers are becoming increasingly dangerous.

Not only do hackers try to reach into our personal computers, email accounts, bank records and websites, but now there’s a chance that they could directly affect our health. In fact, according to a recent report, the Veterans Health Administration (VA) has been actively taking precautions to prevent what it calls cyber-attacks on both clinical information and patient-care devices since 2009.

Equipment such as imaging machines, glucometers, picture archiving and communications systems, along with pharmacy dispensing cabinets, are getting extra protection, thanks to the VA’s IT department. They’re placing these types of items on their own internal network and isolating them from the hospitals’ main networks in an effort to protect them from computer viruses. While the hospitals’ networks have some protection in place, the VA reports that some viruses still slip through.

This move was a major project that meant that the VA needed to centralize its IT system through all of its patient care facilities. This meant categorizing more than 50,000 different medical devices by function and manufacturer and putting them on individual virtual-local area networks (VLANS.) VLANS allow the devices to be disconnected from the internet (and therefore eliminate the risk of hacking), but still allow caregivers to access and monitor the devices from a remote location.

Even with all of these precautions in place, the VA has found malware in more than 160 devices since January of 2009. According to Charles Gephart, the VA’s director of IT field security operations, these viruses could be minor, but in some cases, they could be very serious. Though the primary focus has been on protecting private patient information from identity theft, Gephart said that many IT security experts are concerned that patient care could be compromised by terrorists who want to cause destruction and fear, or even by a particularly aggressive viral infection.

These concerns are very real, Gephart said, because cyber-attackers could potentially infect medical devices that are implanted in patients, as well as devices that are used for monitoring their care and dispensing their prescriptions. He said that in some cases, the issue might be so subtle that it couldn’t be detected—and that could be a major problem because even the smallest variance in such devices could cause harm to the patients involved.

There have already been signs that this could become a genuine concern for healthcare providers. For example, back in 2009, hospitals in the US and around the globe found that medical devices that were connected to the internet were infected with the Conflicker virus.

Conflicker works by attaching itself to Windows operating systems that don’t have a security patch to protect against it, and then it reports back to its creator via the internet periodically. The virus can actually rewrite Windows—and if medical devices are connected to the infected computer, it can cause them to malfunction.

In fact, according to a Symantec health IT officer, the company had reports from a surprising number of clients who said that their pharmacy dispensing cabinets would lock up or improperly record information after having been infected with Conflicker. The officer said the cabinets came from a variety of manufacturers, so it wasn’t just a weakness in a single type of machine.

And in July of 2010, Kern Medical Center, a 172-bed hospital in California, was infected by a virus that was so aggressive that it actually shut down the hospital’s EHR system for about two weeks. The staff had to resort to using paper records instead.

Do you think medical devices are a potential terrorist target? Tell us in the comments!