Cygilant Blog

Data Breaches in the Medical Industry: How MedTech Companies Are Becoming More Vulnerable

Posted by Kevin Landt on May 26, 2016



In early 2016, high-profile ransomware attacks on hospitals—a cybersecurity trend EiQ has posted about before—demonstrated that profit-minded hackers are now targeting the medical industry. Recent incidents show that medtech companies will continue to be at risk of cyber attacks unless they invest in proactive solutions such as network security monitoring.


Below is a review of recent medical technology compromises, along with an exploration into why this is happening and what medtech companies can do to protect themselves.

Recent Cyber Attacks on Hospitals

DeKalb Health, a general medical and surgical hospital in Auburn, Indiana, is one of the latest cases of a ransomware attack on a medical facility. In May 2016, their administrative computer systems were infected by ransomware: malicious software that encrypts or otherwise blocks access to needed files and demands a ransom payment to release them.


It's not clear whether DeKalb Health paid the ransom, but according to a statement released by their spokesperson, they likely didn't, which is in line with the FBI's advice for these situations. Instead, DeKalb Health relied on backup systems and diverted patients elsewhere for the short term. However, the incident must have cost the hospital terribly. Had they invested in security monitoring and other technologies such as SIEM before the attack, they could have protected their systems by catching warning signs early on.


Hospital computer networks aren't the only resources in the medical industry currently suffering from data breaches and other cybersecurity problems—individual medical devices are at risk of failing or being breached too. It's fairly easy for hackers to compromise any of the thousands of life-saving devices a hospital keeps on its WiFi network.

Why Hospitals are Increasingly Vulnerable

Hospitals are a lucrative target for malicious actors—as discussed previously, medical records are worth much more on the black market than credit card information. Stolen health credentials are worth about $10 each, far more than payment data. This is because while financial institutions can block access to compromised bank accounts, the sort of information in medical records—a person's blood type, for instance—cannot be changed easily or, in some situations, at all. This type of data could even be used for blackmail.


Another reason hospitals are prime targets is that these facilities are high-pressure environments where it can be challenging to implement the calm rationality of a security mindset. Under-resourced and overwhelmed by patients' needs, hospital staff can easily make mistakes that weaken cyber defenses, such as misconfiguring security tools.

Dangerous Time-Saving Shortcuts

To save time, some staff might conduct part of their work communications from their personal cellphones instead of authorized hospital systems. This is simply an example of the Bring Your Own Device (BYOD) trend, but in this scenario it creates dangerous problems: it increases the risk of a hack and breaks compliance rules.


As security practices break down during the confusion of managing triage and everything else, hospitals may find themselves violating HIPAA requirements. They also present an attractive target to unscrupulous hackers who might be crafting spear-phishing links or using other techniques in order to penetrate hospital networks.

The Cure for Hospital Cybersecurity

The good news is that despite existing in a unique environment, hospital computers and devices follow the same basic rules as any other digital machine or network. That means cybersecurity solutions that work in other domains can work for medtech too. Security tools such as network security monitoring and managed security services, which can identify vulnerabilities and suspicious behavior before a cyber attack happens, are necessary for organizations that want to prevent serious cybersecurity problems.


More and more, organizations that were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services, which combine the best people, process, and technology, are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!




Feature Photo: Kaspars Grinvalds /

Tags: Healthcare, Cyber Attack, Data Breach, HIPAA, Hacking
