The Internet of Things is the revolutionary technology that intends to interconnect and make intelligent all the objects that are present in the daily life of the users. However, such sophistication, if not well thought out, could lead to the existence of security holes that could be exploited by cybercriminals.
One of the increasingly common targets of cybercriminals is the intelligent devices of Hospitals.
Check Point warned recently for the growth of cyber-attacks on IoT devices of health systems around the world. In addition to ransomware attacks, such as the one that affected a Los Angeles hospital that was forced to pay $17,000 last year, or WannaCry, which led to the cancellation of surgeries and closure of operation theaters in the UK, now the health and hospital units are facing the exploitation of vulnerabilities in IoT devices.
The health sector has strongly adopted IoT. Connected devices have enormous potential for saving lives: they compile and analyze large volumes of clinical data and enable doctors to offer a personalized treatment to each patient quickly and even remotely. However, these devices also put at risk the sensitive data of patients and the proper functioning of healthcare institutions.
So, how vulnerable is IoT used in the health sector?
To assess this issue, it is important to distinguish between different types of intelligent objects. On the one hand, we have portable medical devices, ranging from an insulin pump to a pacemaker.
A direct cyberattack against these devices may serve to blackmail the patient, threatening them with disruption of their operation. On the other hand, there are machines like smart pharmacy dispensers or chemotherapy connected stations. The potential for cybercriminals to endanger the lives of people in hospitals by taking control of the devices they use to treat them is really worrying: the same data that allow doctors to make adjustments to the operation of medical devices can also be used in malicious manner.
Check Point argues that IoT creators and manufacturers for the medical industry, as well as companies and patients who use the devices, should take a number of precautions to minimize the risks:
Implement a privacy model from the design of the machine. This measure is also necessary for any company subject to compliance with the EU’s future GDPR and should form an integral part of the design and design of any IoT health equipment.
Ensure that they have an advanced mobile and endpoint security system. A comprehensive protection strategy, which ensures that all equipment is protected with a single architecture, is the best approach. This solution should cover aspects such as network segmentation and to be able to mitigate the multiple advanced attack vectors, threat prevention solutions should be included.
Internet of Things can truly revolutionize the medical industry, but it can also be an invitation to cybercriminals who want to blackmail hospitals and patients, steal data and cause real damage. Creators, manufacturers, healthcare professionals and patients need to work together to keep this new target safe from cybercrime in general and ransomware in particular.