More than half of all internet-connected medical devices in hospitals have security holes that could put patients’ health and data at risk, a new report finds. Security threats in healthcare environments remain unresolved, despite massive investment and much more is needed to ensure that hospital systems are safe from attacks, researchers say hacking.
Medical institutions are attractive targets for hackers because their medical and billing information from patients can then be sold for insurance fraud or even used to blackmail hospitals. Hackers can make huge profits, with medical records sold on the black market valued 50 times more than a stolen credit card.
Hospital databases can be compromised in a number of ways. The easiest option is to hack a social network – get credentials from one of the individuals with legitimate access to the network. The second, much more challenging option, involves the use of force to gain unauthorized access to the medical center’s network.
A study from 2019 identified more than 1,400 hospital-related violations between 2009 and 2019, affecting 170 million people. The researchers classified the leaked data into three categories: medical information, including diagnosis and treatment, demographics, such as names and addresses, and financials, such as information payment.
Daniel Brodie, co-founder of Cynerio, said: “Healthcare is a prime target of cyberattacks, and even with continued investment in cybersecurity, critical vulnerabilities remain in many devices. medical equipment that hospitals rely on to care for their patients,” Daniel Brodie, co-founder of Cynerio, said in a press release. statement. “Hospitals and health systems don’t need more data – they need cutting-edge solutions.”
Healthcare cybersecurity company Cynerio looked at data from 10 million devices at 300 medical facilities and hospitals. The report shows that 53% of all connected medical devices have at least one vulnerability. In addition, one-third of bedside devices, which patients rely on to ensure their well-being, pose a known serious risk.
The researchers found that infusion pumps were the most common type of Internet-connected device in hospitals, accounting for 12% of all devices. Pumps are also vulnerable devices that can be exploited by hackers. This creates a huge risk, as someone could hack the system and change the dosage of a drug.
Most hospital equipment is used at least once a month. The report found: While this is good for hospitals in terms of a good return on investment, it has consequences for the security of the devices. If they are used frequently, it means that it can be difficult for hospitals to find the time to update the security of the devices.
“Without robust healthcare security systems, hospitals are sitting on an active ticking time bomb,” the report said. “A ransomware attack can destroy much of their IoT (internet of things) infrastructure, and the hospital won’t have any visibility into how to proactively stop the attack or close it when it does. it is launched.”
So where do the hospitals go from here? The Cynerio report says most of the vulnerabilities in devices can be fixed relatively easily, especially since many of the vulnerabilities are linked to default passwords and settings that can be easily obtained by hackers. from manuals posted online. It’s a good place to start, but there’s still a long way to go.
Full report can be accessed here.
https://www.zmescience.com/science/hospitals-targeted-hackers-20012022/ Hackers are increasingly targeting hospitals – IVs and other devices at risk