From patient record databases in hospitals to MRIs, medical devices and technology solutions are ubiquitous in any clinical setting. For medical practitioners, these products are a boon that allows them to access critical files and lab tests on-demand—and herein lies the problem. The current coronavirus pandemic that's overwhelming hospitals and healthcare services everywhere has led to an increase in cybersecurity attacks.
Healthcare organizations already stretched to the brink are using connected medical devices that are being targeted by hackers for inherent vulnerabilities so they can penetrate the network. Interpol issued an alert that cybercriminals are using ransomware targeting hospitals and healthcare services. Threat actors hold hostage vital digital files and systems hospitals and healthcare services use until they pay a ransom. This despicable act of locking medical providers out of their systems can delay a swift response and lead to more deaths.
The issue with medical technology is the cybersecurity isn't up to the level of where it needs to be, and criminals know this. Manufacturers that build these products have a treasure trove of sensitive information on vendors and clients alike. If medical device makers don't perform their due diligence by conducting a criminal records search on new employees, one bad actor on the inside can steal all their valuable data or give network access to hackers from the outside.
Weak Links in the Medtech Manufacturing Industry
While some medical manufacturers are shoring up their cybersecurity response, others aren't, and they may be exposing their weak IT infrastructure to cyberattacks. Following are the most vulnerable network points that need immediate attention.
Compromised Cloud Infrastructure
Plenty of medical manufacturers are leveraging the power of the cloud to advance healthcare technology because sharing information with speed and efficiency can save lives. However, the lack of cloud computing professionals working in these companies or the current staff's lack of knowledge in port data security and legacy systems can lead to holes in the cloud architecture that cybercriminals can exploit. Regular scanning can detect these vulnerabilities, but not all manufacturers are up to the task.
While using open-source software isn't inherently wrong, developers need to devote their time and effort to make proprietary changes to the code that improves security and locks it down so no one outside the organization can penetrate it. By definition, open-source software means everyone has the same access to the lines of code that make it up. If a lazy developer uses the code "as is" or installs an untested program from an unsecured hard drive, hackers can easily bypass and infiltrate the system.
Poor Internal Security Protocols
Some manufacturers don't have stringent internal security policies in place to secure the premises from rogue employees and protect their sensitive data. As harsh as it sounds, the weakest link in any organization will always be the employees. This is why the vetting process before hiring should include criminal records search and other checks to ensure the person is legit even before he or she steps inside the building. There should be a culture of data protection instilled in everyone, so no one can make the common mistake of using unsecured freeware, using unsecured WiFi, or responding to phishing attempts. Employees should be informed about tools such as email lookup, and username search that can help them to be protected from common scams.
URGENT/11: Cybersecurity Vulnerabilities That Affect Medical Devices and Networks
The U.S. Food and Drug Administration warned IT professionals, healthcare organizations, patients, and device manufacturers of cybersecurity vulnerabilities in hospital networks and connected medical devices, otherwise known as URGENT/11. The risk of a remote attacker exploiting URGENT/11 is real and could pose security and safety risks for everything connected to the network.
The URGENT/11 vulnerabilities revolve around IPnet, third-party software that computers use to communicate with one another on the network. These cybersecurity vulnerabilities can let hackers take control of a medical device and change how it functions, leak information, or launch denial of service (DoS) attacks. Six different operating systems used in connected equipment like routers are affected by this vulnerability.
- Microsoft's ThreadX
- IP Infusion's ZebOS
- GreenHills' INTEGRITY
- TRON's ITRON
- Wind River's VxWorks
- ENEA's Operating System Embedded (OSE)
IT security teams should make it a point to monitor network traffic logs for any URGENT/11 exploits taking place and harden their security protocols by using firewalls and a virtual private network (VPN) to reduce their exposure footprint. Manufacturers should also reach out to patients who are using medical devices to help them with security patches.
Medical device manufacturers should shore up their cybersecurity defenses to prevent data theft and make their products more robust so they can withstand a cyberattack while in use. The ball is in their court to ensure hospitals and patients stay safe from cybercriminals looking to cash in on the current COVID-19 chaos.
Ben Hartwig is a web operations executive at InfoTracer who takes a wide view from the whole system. He authors guides on entire security posture, both physical and cyber. Hartwig enjoys sharing best practices.