Although malfunctions sometimes occur, the safety of medical devices has improved over the years. But now researchers are starting to find vulnerabilities in new hospital technologies that were so common years ago.

These are autonomous hospital jobs that are supposed to be self-directed digital couriers that can transport medicine, beds, food, medicine and laboratory samples over hospital grounds. Artifacts created by Aethon are equipped with space for the transport of critical goods and have special access to enter the hospital’s enclosed sections and take the elevators.

Researchers from Cynerio, a cybersecurity startup specializing in protecting hospital and medical systems, found five unprecedented vulnerabilities in Aethon’s study.

The five vulnerabilities, which Cynerio calls JekyllBot: 5, relate not to the robots themselves but to the underlying servers used to communicate and manage them. Hacking allows hackers to create new users with high access; this allows them to log in and remotely control robots to access restricted areas, spy on patients or guests with built-in cameras, or otherwise create chaos.

Asher Brass, a leading researcher on Aethon vulnerabilities, warned that exploiting them requires a “very low skill set”.

In a statement to TechCrunch, ST Engineering CEO Aethon Peter Saff confirmed the vulnerabilities but declined to answer questions. For example, what percentage of offline robots were fixed after the software was updated.