The coronavirus isn’t just a threat to the health of human beings as cyberattacks against healthcare providers ramp up, experts say. Credit: Metamorworks / Getty Images The mere fact of the COVID pandemic’s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head – cyberattacks, particularly those based on ransomware, have become more common as the disease spread, targeting medical IoT devices and healthcare networks. According to Forrester Research analyst Chris Sherman, two U.S. hospitals have already been attacked via virtual care systems, after a hacker targeted a vulnerability in a medical IoT device (specifically, a remote patient-monitoring sensor) and gained access to the hospitals’ patient databases. And in another type of attack, the Fresenius Group, a medical device maker and the largest private hospital operator in Europe, has been hit by ransomware. “To me, it’s clear attackers are increasing their focus on medical devices,” Sherman said. “The attackers are directing their efforts really to any system that’s exposed to the internet, which is a concern given how flat most healthcare networks are.” The precise extent to which threats have risen due to the pandemic is unclear, but most experts agree that there seems to be a correlation. Sherman said that some reports place the figure as high as three to five times the number of attacks that would ordinarily be expected, but argued that those figures might be a slight exaggeration. Healthcare providers are particularly ripe targets for ransomware attacks for several reasons. Medical IoT devices are, all too often, poorly secured against intrusion, according to NTT Canada’s cybersecurity practice lead, Stew Wolfe. “A lot of these machines are not designed with security in mind, so they’ll have default passwords in a manual you can look up on the Internet,” he said, adding that there’s a physical security element that’s also worrisome. Many hospital wards and clinics are effectively open to the public, making it relatively simple to gain direct access to insecure devices. “Getting access to this stuff is pretty easy,” Wolfe warned. “You can just walk around and get into some of these areas that you shouldn’t.” Sherman said the spike in the use of telehealth and virtual-care systems represents a response to a tempting attack vector. These are systems that, typically, were isolated on networks local to the hospital, “but now they’re enabling these to be used remotely, and it’s being done very fast without an emphasis on security,” he said. Ransomware Not all analysts are convinced that healthcare is a particular target for malicious hackers at this point, however. Gregg Pessin, a senior director and analyst at Gartner Research, said that hospitals and clinics may well fall victim to ransomware, but that the greater threat vector is phishing attacks that might not be targeting them specifically. “In most cases, healthcare is not in the gunsight, the malware is just sent out to the world, and if a healthcare employee hits the bad link their organization falls victim,” he said. Still, ransomware attacks against healthcare providers may be a more likely payoff for criminals, given the mission-critical and time-sensitive nature of medical networks. A hospital that needs its technology to be functional at all times for the sake of patient care is more likely to simply pay the ransom than to attempt to recover systems that have been locked up by ransomware. Network segmentation One of the main ways that healthcare providers can protect themselves against medical IoT-threats is the use of network segmentation, or making sure that potentially vulnerable operational devices aren’t connected to the same parts of the network as IT systems that can reach sensitive and infrastructure data, Pessin said. Before that happens, however, it’s important to have an awareness of and visibility into the full range of devices on a given network. Pessin said that many healthcare providers are already investing in inventory and tracking software that can autonomously detect medical IoT devices on a network and track whether they’re behaving suspiciously or not. Patching devices that have that functionality is crucially important as well, said Sherman, as is updating older systems that have known vulnerabilities and can’t be patched remotely. “It can be expensive, but it’s really necessary,” he said. Finally, according to Wolfe, simply having a better organizational awareness of the presence of security threats can be a big help in combating them. “Train your doctors and nurses to recognize a malicious email, and work with the [medical-device maintenance] teams in the hospitals” to secure devices against threats, he said. Related content news 2024 global network outage report and internet health check ThousandEyes tracks internet and cloud traffic and provides Network World with weekly updates on the performance of ISPs, cloud service providers, and UCaaS providers. By Ann Bednarz May 08, 2024 43 mins Internet Service Providers Network Management Software Cloud Computing news Google Cloud issue blamed for UniSuper week-long service disruption A misconfiguration during provisioning triggered a previously unknown software bug, causing the deletion of UniSuper’s Private Cloud. By Elizabeth Montalbano May 08, 2024 4 mins Cloud Computing Data Center news IBM Power server targets AI workloads at the edge The Power S1012 server can be deployed in edge computing sites so IT teams can run AI inferencing workloads at the point of data and cut back on data transfers. By Michael Cooney May 08, 2024 3 mins Edge Computing Servers Data Center news HPE Aruba looks to fight AI threats with AI weapons HPE Aruba Networking Central gains AI-powered security observability and monitoring features. By Michael Cooney May 07, 2024 4 mins IoT Security Network Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe