Hackers have medical devices in their crosshairs. What started as proof-of-concept vulnerabilities around medical pumps and scanners has evolved over the past few years into devastating ransomware attacks and stealthy medical device hijacks like the well-known MedJack. The general growth in network attacks is nothing new, but the increase in unprotected network-enabled medical devices has security researchers worried.
A recent WIRED article dives into the healthcare nightmare and looks at the issues plaguing these medical devices.
“We tend to think healthcare is very conservative, healthcare is very slow because of regulations and liabilities, but because of the huge benefits they’re seeing by using IoT devices hospitals are deploying more and more of them,” says May Wang, chief technology officer at Zingbox. “For the past three years the healthcare sector has been hacked even more than the financial sector. And more and more hacking incidents are targeting medical devices.”
As a matter of fact, more than 36,000 US healthcare-related devices are already freely discoverable on Shodan, a search engine for connected devices, according to a Trend Micro report. As more medical IoT devices offer new attack vectors for criminals, the number of security vulnerabilities facing the healthcare industry grows every month. And these vulnerabilities lead to breaches; just last year the industry saw major breaches at Banner Health, MedStar, Bon Secours Health System, Premier Healthcare and many more.
Though healthcare organizations are working hard to address security concerns associated with networks and devices, the current state of the industry has left patients and the public scared. So what’s the path forward? Many experts think it needs to start with how these medical devices are designed and manufactured.
Read the full WIRED article to learn more about the issues facing this industry, and to find out how organizations like the FDA are working to harden security in connected devices.