Hackers Are Coming For Medical Devices, Here's How to Defend
- 222 medical companies reported hacking incidents, affecting more than 11 million patient records in 2018.
- Data breaches cost hospital organizations an estimated $423 per each breach patient record.
The healthcare industry today is being exploited by cybercriminals that not only pose a threat to data but human lives too. The most common types of cyber threats impacting the industry are ransomware, malware, data breaches, DDoS, and cryptojacking.
Attacks that made headlines
Data breaches cost hospital organizations an estimated $423 per breached patient record, as reported by Healthitsecurity.com.
- In June 2019, NEO Urology was attacked and ended up paying $75,000 to regain access to their system and data.
- In February 2019, a ransomware attack on the Southeastern Council on Alcoholism and Drug Dependence resulted in them having to notify 25,148 patients that their data was potentially breached.
- A phishing attack against a Montpellier Medical Center infected more than 600 computers. Because they were using independent internal networks, the virus was prevented from spreading to all of its 6,000 machines.
Experts suggest there could be more attacks that have occurred but kept confidential.
Why it matters?
Patient's life and data safety, and damage to a healthcare provider's reputation are among the consequences of networks being attacked.
- Attackers are generally benefited by patient's medical data, which they can sell or use for various nefarious purposes including blackmailing, credential stuffing attacks, spear phishing, and more.
- According to CBS News and Protenus, 222 medical companies reported hacking incidents, affecting more than 11 million patient records in 2018.
- Patient medical records and credit card data are also being sold on the dark web.
- Cybersecurity risks extend to patient safety as well. For example, electrical pulses regulating the heart in a pacemaker can be made to show wrong readings.
Various ways to protect data, services and devices
In the current scenario, it is crucial to outfox cybercriminals by protecting connected medical equipment. Medical devices need protection against cyberattacks, from original manufacturer assembly lines to updates in the field. The healthcare industry, which has been slow in adopting technologies, must increase its pace in adopting cybersecurity measures. Here’s how to do it smartly.
- Secure transactional endpoints: To start with, endpoints must be secured with better knowledge and practices for website, network and database security using digital certificates and online security policies. This includes the process of transferring and storing information, conducting online transactions, recording and securing confidential data.
- Advancements in email security: Use Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates to secure email communication. This helps protect against phishing attacks and BEC attacks.
- Some of the top features and technologies that manufacturers, suppliers, and developers in the sector are adopting for connected device security are secure boot, device identity certificates, embedded firewall, secure element integration, secure remote updates, etc.
Apart from this, healthcare firms must also increase their efforts in training their staff to appropriately manage and respond to a security incident.
Keeping medical devices and information safe from cyberattacks will continue to be a battle since criminals also up their game frequently. They are always improving their techniques, attack vectors, and tools. Staying abreast of the latest cybersecurity trends, adopting modern security solutions, and using smart security procedures and software can save healthcare firms from cyber threats.