By Jonathan Langer
In recent years, cyber threats have become increasingly sophisticated in terms of attack methods, the degree of damage inflicted, and their ability to circumvent existing security measures. While cyberattacks affect all sectors of business, of late, there has been a dramatic rise across the globe in attacks targeting healthcare and private patient data. In Q3 of 2018 alone, 4.4 million medical records were compromised, according to Protenus Breach Barometer.
IDC estimates that there will be 41.6 billion IoT devices in the field by 2025, with device data growing exponentially as well. By that time, data hackers will have a playground at their fingertips. Of those devices, 40% will be healthcare or medical devices. Due to the sensitive nature of their work, it’s incredibly important for hospitals and healthcare delivery organizations (HDOs) to ensure that any device connected to the network is secured and properly managed.
Midmark Workstations are made to order with customization that can assist with the integration of telehealth and other technology at the point of care, wherever that may be. See more>>>
Along with the rise of healthcare-related cyberattacks, comes an increased need for more sophisticated defense strategies. Simply implementing a general security solution will not suffice. Hospitals and HDOs need a complete solution that understands how both medical and non-medical devices are supposed to interact within a healthcare environment, as well as those that are susceptible to attacks.
Understanding the types of cyberattacks that target IoT devices
As the technology to prevent and detect cyberattacks becomes more advanced, so do the methods hackers use to get through to the devices with valuable personal information. The average cost of a breach was $3.86M in 2018, according to Ponemon. While there are many methods hackers leverage to attack IoT devices, there are some common attacks to be aware of in the medical field. For example, attacks aimed at obtaining personal medical information capitalize on the lack of multi-tiered defense of medical devices to extract such information. Alternatively, attackers target medical equipment as part of their attack vector to reach enterprise servers that house electronic medical records (EMRs).
Further, many attacks have the objective of disrupting medical treatment provided to patients, thereby posing a significant health risk. A large portion of contemporary medical treatments rely on data and measurements that originate from networked medical devices. Cyber attackers can exploit this dependence and tamper with the data and measurements, resulting in the administering of erroneous medical treatment (e.g., incorrect dosage of medication, misdiagnosis of diseases, etc.)