Thought leadership in the healthcare and medical device manufacturing space drives innovative products that improve patient outcomes. But for every forward-thinking medical device, a hacker takes out a digital magnifying glass staring it down for the slightest vulnerability. While we, as a community, should never shy away from employing technology to deliver the best possible treatment and care, cyber security threats in healthcare are a dark reality. But by understanding how healthcare technology becomes at risk, we can deter and repel cyber attacks on medical devices.
The World Health Organization defines a healthcare device as “any instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software, material or other similar or related article.” That broad understanding goes beyond the global chess match being played out between cyber security professionals and digital criminals. In terms of healthcare cyber security, devices that connect to the internet or sync with Bluetooth-style systems, such as the following, present cyber security vulnerabilities.
It’s also important to note that a wide range of IoT devices possess healthcare and medical device connectivity. Trendy “wearables” such as FitBits, Smart Watches, and others typically connect with laptops, desktops, and cellular phones. That makes them a perfect backdoor for hackers to use in a digital burglary. Perhaps an article published by Security magazine articulated the importance of cyber security in healthcare by highlighting the tremendous risk associated with unsecured devices.
“Hospitals today have tens of thousands of medical devices connected to their networks. Most are never patched and many contain significant cyber security vulnerabilities,” according to Security. “The scariest risk, however, is that medical devices could pose a dangerous safety threat to the patients they diagnose, treat, monitor, or manage. As such, it is the patient safety concern that troubles most people when discussing this subject.”
The healthcare industry consistently ranks among the most targeted by hackers. Hospitals reportedly experienced a 239 percent rise in cyber attacks over the last four years. Those and other data breaches resulted in 88 million patient records being compromised. Small and mid-sized healthcare facilities have not been immune to this digital plague. That’s largely because garden variety hackers deploy standard phishing schemes designed to trick employees into downloading a malicious application or malware-laced file. These are the major cyber security threats in healthcare today.
The U.S. Food and Drug Administration is tasked with regulating and enforcing medical device cybersecurity standards. Older devices and systems that healthcare organizations have already purchased cannot always be upgraded. Healthcare outfits too often keep these products despite the fact they remain easier to exploit.
Healthcare IoT presents a similar problem to outdated legacy systems. Manufacturers produced cost-effective devices for the healthcare sector. The caveat was these items possessed limited expansion and patching capacity. Now that hackers are finding cracks in healthcare IoT devices, many cannot be upgraded and adequately secured. While some are still in use, new mandates require medical device manufacturers to create products that can be patched and updated to meet emerging threats.
Sophisticated cyber criminals with the tools and skills to use IoT devices to end-run forward-facing defenses can wreak havoc inside a healthcare network. When a thief leverages an employee's username and password, the hacker has access to the same digital assets. By implementing zero-trust policies, limits are set on every user profile. This, in turn, helps restrict the cyber criminal’s ability to steal valuable and sensitive digital assets. It’s essential to convey to your valued employees that such cyber security strategies are no reflection of their work ethic or the trust you put in their daily commitment.
At CyberTeam, our managed IT and cyber security experts have the experience and technology you need to protect your company from a healthcare data breach. Our cyber security risk management solutions help our clients protect their business interests and intelligence, so they can focus on growth. If you are interested in having a cyber security risk assessment performed, contact CyberTeam and schedule a risk assessment to learn more about your vulnerabilities and how we can help.