RESEARCH THERAPY
SECURING MEDICAL DEVICES WITH TRUST LISTS : URGENT PROTECTION FOR HEALTHCARE CENTRES
PRESENTED BY
Scan
QR code to download whitepaper here
Hospital devices in the skilled hands of caregivers are often crucial to creating the best possible patient outcomes , but are those devices secured for the modern world ? One such device is the infusion pump , which is the only way to provide the delivery of fine-tuned amounts of medications in perfect rhythm . Patients in neonatal ICU are dependent on this precious machine to handle a job beyond the abilities of human hands , and many ‘ smart ’ infusion pumps are now part of the Internet of Medical Things ( IoMT ), and therefore vulnerable to cyberattack .
Emergency and life-critical services are reliant on hosts of medical sensors and monitoring devices that are now all being built internet-ready , and in our current environment are rarely secure by design .
Take , for example , the potential effect of cyber threat activity on an MRI or a CT scan . Malware would be able to ‘ add or remove cancerous nodules , causing a patient to be misdiagnosed or wrongly treated .’ The 1 backup generators that every hospital must have on standby more often than not represent an even easier target , as hackers are already familiar with disrupting or taking hostage work sites ’ generators . Healthcare providers require a strong , easy-to-use baseline of cybersecurity solutions to safeguard human lives in their care .
Introduction
2020 ’ s fast-accelerating rise in cyberattacks on hospitals has triggered warnings from the FBI , CISA and HHS . This year , the world has witnessed the COVID-19 pandemic pushing doctors and nurses to their very limits as they sacrificed their time and very wellbeing to save lives .
While some APT groups swore off attacking hospitals during this global crisis , many cybercriminal syndicates chose this moment of vulnerability to spearhead an unprecedented rise in cyberattacks on healthcare centres . Threat actors strive for ways to maximise pressure on stakeholders .
More adaptive , sophisticated and overall disruptive threats are intended to encourage fast payouts on ransoms . Once , ransomware would merely encrypt data , leaving it forever out of reach if stakeholders refused to pay up ( and sometimes forever out of reach even when stakeholders paid , as in the case of LockerGoga ).
This strategy is defeated by maintaining regular backups on a separate system . Now , the teams of bad actors that created these threats have engineered a new hook into them : they exfiltrate the data before encrypting it , allowing them to leverage it online against organisations that refuse to pay ransoms .
The fast-evolving landscape of cyberthreats has recently been changed by the arrival of extortionware , a new type of ransomware that makes a copy of data before encrypting it . Such threats are specifically designed by hackers with the knowledge that hospitals are especially vulnerable .
Cybercriminals are willing to do whatever they consider necessary to obligate , force , or scare hospital stakeholders into paying , and in the near future this is likely to include holding patients hostage with the threat of deliberately engineering poor patient outcomes . We advise IT specialists in the healthcare industry to prepare for the fastrising wave of risk to patients ’ well-being . �
14 www . intelligenthealth . tech