Hacked Medical Devices Make Cybersecurity Life or Death

Hackers Eye Medical Devices

There’s a growing trend of cybercriminals targeting medical devices in extortion schemes.

Many of these embedded devices have lax cybersecurity protections, Wired noted, which hackers are increasingly looking to exploit.

Not only is it necessary to protect patients from dangerous intrusions into their healthcare via hacked medical devices, but it’s also important to quell the threat entirely, because the sensors on these devices are typically connected to a larger network of sensors and monitors.

This could result in a hacker not only threatening a patient directly, but also jeopardizing larger hospital networks. If these networks are compromised, it could lead to stolen sensitive medical records or ransomware attacks that hold critical systems and services hostage.

“The entire extortion landscape has changed,” Ed Cabrera, chief cybersecurity officer at Trend Micro, noted. “You do get into this life or death situation potentially.”

According to data released by KPMG last year, the number of instances of medical devices being hacked has rapidly increased. As of 2016, 81 percent of healthcare organizations had been the victims of cyberthreats or had data compromised over the previous two years.

As more healthcare-related organizations connect to the internet for saving and sharing data, their poor cyberthreat monitoring, cybersecurity policies and data access controls are having dire consequences. The issue also extends to device disposal practices, which are not up to snuff. This all adds up to a vulnerability that hackers find easy to exploit.

From the Banner Health data breach in Phoenix to the Excellus BlueCross BlueShield breach in 2015 (which leaked data dating back to 2013) to the breach affecting 11 million Premera subscribers, experts say the concern is vast and not going away. Attacks can range from simple intrusions through third-party applications, to malware such as viruses or spyware placed on devices, to ransomware that locks the device entirely and demands money from the user.