Cyber thieves are dedicated to obtaining medical device data from the health care industry. They are now focused on attacking medical devices for sensitive information. A study was conducted by KPMG which showed that more than 80 percent of health care organizations had been victims of cyberthreats during the past few years. Several claim they had important data compromised.
Medical Device Data
The majority of medical devices utilized in the health care industry are placed behind firewalls that meet the latest standards. They are treated as black boxes. They are not accessible by the hospital’s IT people. If there is a problem, representatives from the IT department must contact the manufacturer. When attackers have been successful, the protective measures in place either completely missed the attack or were too late in responding.
Motivation
Security breeches have increased along with the numbers of health care organizations broadening their use and dependence on networks. They are doing this because it is cost-effective. Many of these organizations don’t have effective cybersecurity policies in place. They may have poor data access controls as well as cyberthreat monitoring. In many cases, there could be no security processes in place to handle the electronic maintenance or disposal of medical devices. All of this will provide an environment where hackers find it easy to obtain valuable information.
Concerned
This issue is a serious concern with many health care companies. Most of them don’t know what to do about it and feel paralyzed. How to properly encrypt data remains a mystery to the majority of them. The U.S. Food and Drug Administration has issued new guidelines for medical device manufacturers. These guidelines provide incentives for manufacturers to increase the cybersecurity utilized within their products. Prior to this, vendors did not regularly provide security updates to a health care provider’s operating system.
Policy Changes
Experts recommend health care providers change their policies to address this threat. This includes making changes for each of its individual departments. Addressing their cybersecurity issues will require developing a single successful policy. This should be something each department is required to follow. Device access control needs to be made stronger. Assessments need to be done regularly with ongoing software updates that are implemented as soon as possible.
Avoidable Mistakes
There are times when medical devices experience cyber attacks that could have been avoided. Many health care organizations fail to make certain their medical devices operate with the latest available operating system. In many cases, the default settings that are part of a device aren’t regularly changed. These maintenance issues may seem minor, but they provide an excellent opportunity for an attacker to enter a health care organization’s network. This will enable them to discover security gaps and network vulnerabilities.
Blood Gas Analyzer (BGA)
This occurred at a hospital that appeared to not have any cyber security problems. They utilized highly recommended cyber defense products for their industry. This cyber defense provided antivirus protection, intrusion detection, a strong firewall and more. While their network was being monitored, an attacker was identified moving around seeking targets. Further investigation showed the attacker was able to obtain data from three BGAs in the hospital’s lab. The cyber attack occurred in their network’s backdoor. Experts believe the BGA was just a place for the intruder to launch a larger cyber attack.
Covering All Bases
To successfully prevent attackers will require health care organizations to cover all their bases when it comes to cybersecurity. This will require them to be proactive when trying to protect against data that has been lost. Detecting breaches will secure legacy systems, safeguard medical devices and more.
Learn More about Medical Device News.