The Disturbing Cyber Threat Targeting Medical Devices

Brian W. Horton, CEO, IT Strategy, Inc
Hackers have found another way to extort the medical community and their patients. There's a disturbing trend of cyber-thieves targeting medical devices in doctors' offices and hospitals. The very medical devices that provide life saving treatment are now being targeted by hackers - for profit.
Just recently, researchers discovered a new version of MEDJACK, which is leaving medical devices, like x-ray machines and MRI scanners, vulnerable for cyber-criminals. Initially discovered in 2015, the MEDJACK malware was developed as an intentional and organized initiative targeting hospital networks. The latest version to be discovered allows the threat actor to steal patient data, exfiltrating it from the network.
The issue starts with how these devices were made. The purpose behind these types of devices are their unique functions: heart monitoring, insulin pumps, dispensing of medication, medical imaging, etc. Cybersecurity was rarely, if ever, considered during the design and development of these devices. As medical organizations continue to push the boundaries of interconnecting devices, software, patient records, etc., these devices must now be placed on computer networks. This useful interconnection can also make breach possible.
Compounding the situation is federal regulation which now mandates such interoperability - think MACRA. The breach of medical devices is highly lucrative for hackers. In addition to locking down and encrypting computer data for ransom, medical devices could now be rendered useless until monetary demands are met. Imagine telling your staff the MRI scanner cannot be used because it was breached. Or perhaps explain to a patient their sensitive test results were stolen directly from the device. Worse yet, a machine is compromised and disabled while a patient is using it. Hackers are keenly aware of the sensitivity this issue presents, and will exploit it every way possible.
Needless to say, all of this is a major issue for healthcare organizations. There are best practices institutions can adopt to help protect themselves and their patients.One of the more critical steps is network isolation and segmentation. For example: making sure medical devices cannot directly communicate with staff computers would reduce the risk of breach.
As we, as a society, continue to commit to the progressive marriage of technology and medicine, healthcare related cyber crime will continue to compound. This is unavoidable. Trying to tackle these issues in a singular fashion, with one-off incident response processes and security projects, will never address the larger issue. Healthcare organizations must begin adopting a culture of security. From senior management, to the janitor, cyber security must drive executive dialog and corporate decision points.
Subscribe to IEra womenleaders
News
DeSantis to announce 2024 presidential bid on Twitter Spaces with Elon Musk
Photoshop’s generative AI tool turned my vacation photos into nightmare fuel
How to get the Froggy Armor set in Zelda: Tears of the Kingdom
Mortal Kombat 1 Gameplay Will Premiere During Summer Game Fest
Lauren Sánchez shares what makes her partnership with Jeff Bezos work
Virgin Orbit auctions $36 mln in remaining assets as company fold
Here’s how ads might look in Google’s new AI-powered search experience
Amazon corporate workers plan walkout next week over return-to-office policies
Facebook owner Meta sells Giphy and takes plus $260M loss after UK antitrust order
Peloton's revamped fitness app restricts most equipment workouts to new, more expensive tier
Here’s the secret sauce that fueled Palo Alto Networks’ beat and raise despite tough times
Microsoft bonds are seen as safer than Treasury bills due this summer as the default X-date nears
Why This Coronavirus Star's Rebound Will Take Longer Than Hoped
Chevron Stock Upgraded To A Buy After $6 Billion PDC Energy Deal
Salmonella outbreak reported in 6 states, including Utah, linked to Papa Murphy's cookie dough