The Growing Threat of Malware within Medical Devices

Posted by Dan Lowe on 2016-06-24 18:22:41

Medical_Devices_Jun_2016a.jpg

Malware Threats Are Rising Within Health Care Organizations.

Why would a criminals create malware to endanger or kill a child? Medical device technology is advancing at a staggering rate with wireless connectivity playing a key role in sending information to and from multiple devices. With medical equipment technology advances, you would expect that we can live longer, healthier lives. Not only can we expect to extend our longevity, but health care organizations can save money and improve hospital efficiencies. While these attributes are a great benefit to hospitals, relatives and friends can benefit by quickly access general patient information without having to drive to the hospital. Therefore, advances in medical device technology will only lead to positive experiences, right? However, there is a darker side lurking beneath the surface of medical devices used in hospitals.

 

Let’s face it, criminals want to make money and will find the easiest path to steal information or use extortion tactics to take money from health care organizations, patients, or friends and family of the patient. According to a Reuters article, "Your medical information is worth 10 times more than credit card number on the black market.[1]" The medical industry has become a much more attractive target for online criminals, but what these bad actors don’t realize is that malware can adversely affect medical equipment. Malware or improperly configured security products can and has created problems, such as: device rebooting, screen black-outs, patient overdosing, device reprogramming, premature battery drain, uncontrollable or controllable electricity jolts. If a medical device malfunctions due to malware, then it puts the patient’s life in danger or creates problems for doctors, nurses, and medical technicians who rely on these devices to help their patient.

 

A staggering statistic is that 85% of healthcare organizations had at least one data breach involving the loss or theft of patient data in the past 24 months. Forty-five percent had more than 5 breaches. In 2014, Department of Homeland Security (DHS) investigated 24 cases of potentially deadly cybersecurity flaws in medical devices and hospital equipment. In a quote from Security Ledger, "Researchers looking into the security of medical devices have found thousands of sensitive systems that are exposed to the Internet and vulnerable to remote attack, including drug infusion systems, MRI imaging machines, anesthesia systems and more." This highlights the fact that medical device manufacturers may not be providing the necessary security tools to reduce malware attacks. Health care organizations with limited cybersecurity staff continue to be overwhelmed with malware threats and this trend will continue to plague hospital IT administrators who are balancing many day-to-day operational issues while trying to prevent criminals from stealing patient information, extorting money from their hospital, and other nefarious activities.

 

Doctor, nurses, and medical technicians should focus on providing quality medical care and not be concerned about a medical device malfunctioning because a malware attack has can come through a computer, tablet, mobile phone, or medical device. Protecting medical devices can be especially tricky for IT administrators as their are many issues, such as: older medical devices with outdated operating systems, newer medical tools using latest Linux and Windows operating systems, inter-connected medical equipment with different transmission methods, antivirus misconfiguration issues, and mobile device vulnerabilities. While there are benefits to integrating the latest technologies within medical products, manufacturers should provide more robust security options that minimize malware security risks.

 

[1] Your Medical Record is Worth More to Hackers Than Your Credit Card, Caroline Hummer and Jim Finkle, Sept 2014; http://www.reuters.com/article/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924

Find me on:

Dan Lowe

Dan Lowe is the OEM Senior Marketing Manager. He has worked at multiple security companies in the last 10 years and manages the OEM marketing team. He has a unique perspective on the industry as he has worked with different security technologies, such as: Antimalware, Firewalls, VPNs, DLP, and E-DRM.

Topics: News