Thieves Targeting Medical Device Data

Cyberthieves are getting crafty, focusing on sensitive information by targeting medical devices. The number of instances is rapidly increasing. According to KPMG, over the past two years, 81 percent of health care organizations were the victims of cyberthreats or even had data compromised.

The reason this is happening? More health care-related organizations are connecting to the internet for saving and sharing data but have poor cyberthreat monitoring, cybersecurity policies and data access controls. The issue also extends to device disposal practices, which are not up to snuff. This all equals a vulnerability that hackers find easy to penetrate.

From the Banner Health data breach in Phoenix, to the Excellus BlueCross BlueShied breach in 2015 leaking data back from 2013, to the breach of 11 million subscribers of Premera, experts say the concern is vast and not going away. Attacks can range from simple attacks through third-party applications, to malware with viruses or spyware placed on devices, to even ransomware that locks the device entirely and demands money from the user.

Health care companies are indeed concerned, but some may feel paralyzed as to what to do about it, including how to encrypt data. Recently, the U.S. Food and Drug Administration announced new guidelines that encouraged medical device manufacturers to up the cybersecurity of their products.

Experts recommend policy changes that include siloing each department of an organization to address cybersecurity and carving out a single policy that each department follows. That includes building stronger device access controls, conducting assessments on a habitual basis and implementing ongoing software updates.

It’s all important, because did you know that one in three Americans are victims of health care data breaches?