Computer-controlled medical devices and the healthcare industry are becoming targets of cyberattacks

The healthcare industry is becoming the target of cyberattacks. According to KPMG, an international network of auditing and consulting companies, 67% of healthcare managers recognize malware as their biggest security problem. Another 32% worry about the safety of medical devices.

According to Privacy Analytics, a company engaged in the analysis of health services, since 2009, 1286 cases have been reported and more than 153 million people have been affected. The cost of violations is estimated at around 31 billion dollars.

While 65% of respondents believe that some of the biggest gaps in data security come from outside attacks, 35% say that wireless communication opens the door for security breaches. About 44% of respondents said they had tracked 1 to 50 breach attempts in the last 12 months, and one of the participants said they saw an increase of 1000 percent in the number of incidents after the implementation of the Operational Security Center, according to the same KPMG report. The Operational Safety Center is a central unit that deals with security issues at the organizational and technical level. OPB is supervised by employees with the use of data processing technology. Typically, SOC is equipped to monitor access and control of lighting, alarms and vehicle barriers. Needless to say what can happen if malware takes over this system.

Implanted Medical Devices (IMD) and other medical devices have also been found vulnerable to hacker attacks, the FDA (Food and Drug Administration) has recently issued a notice regarding the safety of infusion pumps used in hospitals. Considering the value of the US market, which is estimated at around $ 110 billion and is expected to reach $ 133 billion in 2016, the number of IMD and medical devices connected to the Internet will increase and open the door for new intrusion attempts that can threaten human life.

"Having life support devices connected to an unsecured network that is vulnerable to hacker attacks is comparable to leaving the house without shutting it down, in a dangerous area, for the whole holiday, and hoping it will not be robbed until you return home." , said Catalin Cosoi, Chief Bitdefender Security Strategist . "We can not hide our heads in the sand when we talk about devices that ultimately are responsible for keeping us alive."

Current recommendations issued by the FDA and the US Department of Industrial Control Systems Cyber ​​Emergency Response Team Homeland Security (ICS-CERT) for sensitive medical equipment include disconnecting the device from a contaminated network - even if it can affect work - and closing the FTP and Telnet ports.

"Disconnect the infected product from the network. Make sure that unused ports are closed, including port 20 / FTP and port 23 / TELNET," reads the FDA warning. "Monitor and log all network traffic trying to reach a damaged product via port 20 / FTP, port 23 / TELNET and Port 8443. Contact Hospira to change the default password used to access Port 8443 or close it."

Already more than 2.5 million people rely on Implanted medical devices to control various diseases, but the lack of safety of medical equipment and OTS (Off-the-shelf) software update procedures can have serious consequences.

A social advertisement published by the Federal Bureau of Investigation says that all patients should be informed about the possibilities of all medical devices intended for home use.

"Patients should be informed about the possibilities of any medical devices intended for home use , " says a social advertisement . "If the device can be remotely controlled and made to transmit data, it can be the target of malware."

The risk related to cybersecurity in medical devices and IMDS connected to the network should be minimized by implementing industry standards, both for entire hospitals and producers of such devices.

source: Bitdefender

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.