The coronavirus isn’t just a threat to the health of human beings as cyberattacks against healthcare providers ramp up, experts say.

The mere fact of the COVID pandemic’s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head – cyberattacks, particularly those based on ransomware, have become more common as the disease spread, targeting medical IoT devices and healthcare networks.

According to Forrester Research analyst Chris Sherman, two U.S. hospitals have already been attacked via virtual care systems, after a hacker targeted a vulnerability in a medical IoT device (specifically, a remote patient-monitoring sensor) and gained access to the hospitals’ patient databases. And in another type of attack, the Fresenius Group, a medical device maker and the largest private hospital operator in Europe, has been hit by ransomware.

“To me, it’s clear attackers are increasing their focus on medical devices,” Sherman said. “The attackers are directing their efforts really to any system that’s exposed to the internet, which is a concern given how flat most healthcare networks are.”

The precise extent to which threats have risen due to the pandemic is unclear, but most experts agree that there seems to be a correlation. Sherman said that some reports place the figure as high as three to five times the number of attacks that would ordinarily be expected, but argued that those figures might be a slight exaggeration.

Healthcare providers are particularly ripe targets for ransomware attacks for several reasons. Medical IoT devices are, all too often, poorly secured against intrusion, according to NTT Canada’s cybersecurity practice lead, Stew Wolfe. “A lot of these machines are not designed with security in mind, so they’ll have default passwords in a manual you can look up on the Internet,” he said, adding that there’s a physical security element that’s also worrisome.
Many hospital wards and clinics are effectively open to the public, making it relatively simple to gain direct access to insecure devices. “Getting access to this stuff is pretty easy,” Wolfe warned. “You can just walk around and get into some of these areas that you shouldn’t.”

Sherman said the spike in the use of telehealth and virtual-care systems represents a response to a tempting attack vector. These are systems that, typically, were isolated on networks local to the hospital, “but now they’re enabling these to be used remotely, and it’s being done very fast without an emphasis on security,” he said.

Ransomware

Not all analysts are convinced that healthcare is a particular target for malicious hackers at this point, however. Gregg Pessin, a senior director and analyst at Gartner Research, said that hospitals and clinics may well fall victim to ransomware, but that the greater threat vector is phishing attacks that might not be targeting them specifically.

“In most cases, healthcare is not in the gunsight, the malware is just sent out to the world, and if a healthcare employee hits the bad link their organization falls victim,” he said.

Still, ransomware attacks against healthcare providers may be a more likely payoff for criminals, given the mission-critical and time-sensitive nature of medical networks. A hospital that needs its technology to be functional at all times for the sake of patient care is more likely to simply pay the ransom than to attempt to recover systems that have been locked up by ransomware.

Network segmentation

One of the main ways that healthcare providers can protect themselves against medical IoT threats is the use of network segmentation, or making sure that potentially vulnerable operational devices aren’t connected to the same parts of the network as IT systems that can reach sensitive and infrastructure data, Pessin said.
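A segmentation check of the kind described above can be run against a device inventory and a flow log. The following is an added example, not code from the article or from anyone quoted in it; the inventory, flows, allowlist, device names and the /24 segment size are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory (not from the article): name, IP, device class.
INVENTORY = [
    ("infusion-pump-01", "10.20.1.15", "medical_iot"),
    ("patient-monitor-07", "10.20.1.22", "medical_iot"),
    ("patient-monitor-09", "10.30.5.40", "medical_iot"),  # sits on the IT subnet
    ("patient-db-01", "10.30.5.10", "it"),
    ("file-server-02", "10.30.5.11", "it"),
    ("integration-gateway", "10.30.6.5", "it"),
]

# Constructed sample flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.1.15", "10.30.6.5", 2575),   # pump -> gateway, allowed by policy
    ("10.20.1.22", "10.30.5.10", 5432),  # monitor -> patient database, not allowed
    ("10.30.5.11", "10.30.5.10", 5432),  # IT -> IT, out of scope for this check
]

# Assumed policy: the only IoT-to-IT path permitted is the gateway on this port.
ALLOWED = {("10.30.6.5", 2575)}
PREFIX_LEN = 24  # assumption: each network segment is a /24


def subnet_of(ip):
    """Map an address to its segment under the assumed prefix length."""
    return ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False)


def mixed_segments(inventory):
    """Return subnets that hold both medical IoT devices and IT systems."""
    classes = defaultdict(set)
    for _name, ip, kind in inventory:
        classes[subnet_of(ip)].add(kind)
    return sorted(str(net) for net, kinds in classes.items() if len(kinds) > 1)


def unexpected_flows(inventory, flows, allowed):
    """Return flows from a medical IoT device to an IT system outside the allowlist."""
    kind_by_ip = {ip: kind for _name, ip, kind in inventory}
    return [
        (src, dst, port)
        for src, dst, port in flows
        if kind_by_ip.get(src) == "medical_iot"
        and kind_by_ip.get(dst) == "it"
        and (dst, port) not in allowed
    ]


if __name__ == "__main__":
    print("Mixed segments:", mixed_segments(INVENTORY))
    print("Unexpected flows:", unexpected_flows(INVENTORY, FLOWS, ALLOWED))
```

A non-empty result from either function points at a flat spot in the network: a segment shared by both device classes, or a path from a medical device to an IT system that the policy does not list.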
Before that happens, however, it’s important to have an awareness of and visibility into the full range of devices on a given network. Pessin said that many healthcare providers are already investing in inventory and tracking software that can autonomously detect medical IoT devices on a network and track whether they’re behaving suspiciously or not.

Patching devices that have that functionality is crucially important as well, said Sherman, as is updating older systems that have known vulnerabilities and can’t be patched remotely. “It can be expensive, but it’s really necessary,” he said.

Finally, according to Wolfe, simply having a better organizational awareness of the presence of security threats can be a big help in combating them. “Train your doctors and nurses to recognize a malicious email, and work with the [medical-device maintenance] teams in the hospitals” to secure devices against threats, he said.