Medical Design and Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • Med Tech Resources
    • DeviceTalks Tuesdays
    • Digital Editions
    • eBooks
    • Manufacturer Search
    • Medical Device Handbook
    • MedTech 100 Index
    • Podcasts
    • Print Subscription
    • The Big 100
    • Webinars / Digital Events
    • Whitepapers
    • Video
  • 2022 Leadership in MedTech
    • 2022 Leadership Voting!
    • 2021 Winners
    • 2020 Winners
  • Women in Medtech

Medtech cybersecurity: Why you should still be scared

January 5, 2017 By Heather Thompson

 

cybersecurityMDO

[Image courtesy of Blogtrepreneur on Flickr, per Creative Commons 2.0 license]

Medical devices have turned out to be an Achilles’ heel for a healthcare industry still bombarded by cybersecurity breaches, according to TrapX’s “2016 Year-End Healthcare Cyber-Breach Report.”

In 2015, healthcare data security breaches became more than a growing concern—they became a new reality. There were 57 attacks, and hackers breached more than 111,812,172 data records.

The numbers for 2016 are just as troubling according to TrapX, a San Mateo, Calif.–based cyber defense company. Last year, the number of records breached decreased to approximately 12,057,759. But the number of attacks increased by 63 percent to 93 documented data breaches.

MEDJACKING on the rise

Of particular concern to medical device manufacturers is Medjacking (hijacking of medical devices) which is a threat with few defenses in place.

“Cyber attackers know that health care institutions’ networks are highly vulnerable due to unprotected medical devices and, hence, offer attractive “low-hanging fruit,’” notes the report.

TrapX says it documented six cases over an 18-month period in which cyber attackers used “backdoor” access to devices to establish operations. These devices included blood-gas analyzers, CT scanners, PACS systems, and portable x-ray machines.

E-mail based links, malware-laced memory sticks, and corrupted or bogus websites are backdoor tools that attackers often use to gain access to devices. Once the tools are in the network, they find unprotected devices with embedded standard or older operating systems. These devices, which include diagnostic equipment, therapeutic equipment, and life support equipment, become a host for attacks.

Hospitals are unable to detect Medjack or remediate it, and there have been few new technologies or best practices emerging to combat the threat.

“The great majority of existing cyber-defense suites are not able to detect attackers moving laterally from these hidden locations,” says the report. “Even when they are detected, trying to remediate an attack in one medical device is often frustrating (and futile) as other attacks propagate again almost immediately and undetected through various medical devices within the hospital.”

From those points of entry, attackers gain access to health records. The report lists the 1o largest hacks from this year. These included some big names such as Banner Health, which reported a breach of 3,620,000 patients records, as well as small or local institutions.

Medjacking is just one of the threats to healthcare from cyber attackers. Ransomware is also an emerging concern. In August, TrapX identified more than 2,000 variations of ransomware that employ different methods of attack on the network. Ransomware is easier to manufacture and deploy than medjack, and organized crime is investing significantly in improving tool sets. Hackers target healthcare institutions because they have the financial depth to afford the payments, and they have the incentive to make them because of the threat to critical patient care and ongoing operations.

Moshe Ben Simon, cofounder and vice president, TrapX Security summarizes the dire situation in this way: “Sophisticated and persistent cyber attackers are, in our opinion, the single greatest threat to the protection of patient health care data, critical health care operations and, ultimately, present a direct physical risk to patients.”

The report states that the threats continue to “diversify into a greater variety of complex attacks promoted by sophisticated and persistent human attackers.”

In short, cybersecurity efforts are falling short, and all levels of security must become more vigilant and ever more creative.

Related Articles Read More >

cybersecurity
Moody’s warns of cybersecurity, antitrust and supplier risks for medical device companies
FDA proposes new cybersecurity, supply chain and inspection laws for medical device manufacturers
FDA’s $8.4B budget request includes supply chain, pandemic prep and cancer funding
Cybersecurity medical device
FDA warns of cybersecurity risk in certain medical device software components

DeviceTalks Weekly.

June 24, 2022
How innovative design, commercial strategy is building Cala Trio’s bioelectronic medicine market
See More >

MDO Digital Edition

Digital Edition

Subscribe to Medical Design & Outsourcing. Bookmark, share and interact with the leading medical design engineering magazine today.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
DeviceTalks

DeviceTalks is a conversation among medical technology leaders. It's events, podcasts, webinars and one-on-one exchanges of ideas & insights.

DeviceTalks

New MedTech Resource

Medical Tubing

Enewsletter Subscriptions

Enewsletter Subscriptions

MassDevice

Mass Device

The Medical Device Business Journal. MassDevice is the leading medical device news business journal telling the stories of the devices that save lives.

Visit Website
MDO ad
Medical Design and Outsourcing
  • MassDevice
  • DeviceTalks
  • MedTech 100 Index
  • Medical Tubing + Extrusion
  • Drug Delivery Business News
  • Drug Discovery & Development
  • Pharmaceutical Processing World
  • R&D World
  • About Us/Contact
  • Advertise With Us
  • Subscribe to Print Magazine
  • Subscribe to E-newsletter
  • Attend our Monthly Webinars
  • Listen to our Weekly Podcasts
  • Join our DeviceTalks Tuesdays Discussion

Copyright © 2022 WTWH Media, LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media LLC. Site Map | Privacy Policy | RSS

Search Medical Design & Outsourcing

  • Home
  • Medical Device Business
    • Mergers & Acquisitions
    • Financial
    • Regulatory
  • Applications
    • Cardiovascular
    • Devices
    • Imaging
    • Implantables
    • Medical Equipment
    • Orthopedic
    • Surgical
  • Technologies
    • Contract Manufacturing
    • Components
    • Electronics
    • Extrusions
    • Materials
    • Motion Control
    • Prototyping
    • Pumps
    • Tubing
  • Med Tech Resources
    • DeviceTalks Tuesdays
    • Digital Editions
    • eBooks
    • Manufacturer Search
    • Medical Device Handbook
    • MedTech 100 Index
    • Podcasts
    • Print Subscription
    • The Big 100
    • Webinars / Digital Events
    • Whitepapers
    • Video
  • 2022 Leadership in MedTech
    • 2022 Leadership Voting!
    • 2021 Winners
    • 2020 Winners
  • Women in Medtech