@medhamehtaMedha Mehta
Cybersecurity technical writer and content marketer @TheSSLStore and SectigoStore.
According to an IBM report, one data breach incident costs medical institutes an average of $7.13 million. Ransomware cost the healthcare industry approximately $21 billion in 2020!
But apart from financial loss, cyberattacks on the medical industry cause unaccountable damages such as the risk of patients’ lives in the event of transferring the emergency cases to other hospitals, postponing critical operations, and canceling important appointments.
One of the most popular methods hackers use is exploiting the internet of medical things, or IoMT, devices and medical instruments to deploy the attacks.
In this article, we will discuss why IoT becomes the weakest link in the overall cyber defenses in the healthcare field.
1) Age of the IoMT Devices
Large and expensive IoMT devices like MRI machines, CT scanners, X-Ray machines, etc., have a lifespan of 15 to 20 years. But cybersecurity is a rapidly evolving field, and hackers are coming up with new hacking methods at lightning speed. That means these long-lasting IoMT devices can’t face the latest challenges of contemporary time. It is obvious that manufacturers are not to be blamed here because they can’t make a machine, keeping in mind the future threats for which they don’t have any clue. That’s why, at the end of their life cycle, IoMT devices are extremely vulnerable to the new generation’s cyber threats.
Hackers know this fact. So, it is easy for them to target the old machines, inspect their outdated system, and exploit the vulnerabilities. The hardware components are not easy to upgrade without the vendor’s support. If you hire any outsiders to upgrade, you might void the warranty. When it comes to software patching, there are other sorts of challenges with IoMT devices, which bring us to the next point.
2) The Patching Hustles
In general, software updates are easier to install compared to upgrading the hardware components. But it’s not the case with healthcare IoT devices. The upgrade takes time, making the device unavailable for some minutes to a couple of hours. For busy clinics, especially those that treat emergency patients, it is difficult to take such a pause.
Another risk is losing the data. As we know, the patching process might inadvertently delete the stored data. The IoMT devices store sensitive healthcare data and the patients’ lifelong history of the test results and diagnoses, which must be protected at any cost. That means you need to backup all that huge quantity of data before patching. It is a time-consuming thing and needs expensive servers or cloud platforms to store the backup data.
Example: According to Ordr’s studies, one out of five devices were running on legacy operating systems Windows 7 or older. It includes Windows 95, 97, 98, XP, ME, NT, and CE. It is a well-known fact that these operating systems are suffering from severe security vulnerabilities and are at least a decade behind the latest cyber defenses. But it is often risky, expensive, and time-consuming to update operating systems, and that’s the reason 15-19% of businesses are still using them.
3) Staff’s Lack of Cyber Awareness
Healthcare is one of the worst industries for getting a work-life balance. The work hours and shift timing change frequently, the job is stressful, and staff is often overburdened with work. In this situation, expecting medical workers to take cyber-awareness training and be tach savvy seems an unreasonable demand. Hence, hackers find healthcare workers easy victims to target for phishing, spamming and other scams.
In fact, staff negligence and internal misconduct were the main reasons behind 56% of all the cyberattacks in the healthcare industry! One example of staff negligence can be seen in Ordr’s research, in which it found that healthcare providers were surfing Facebook and YouTube on MRI and CT machines. The essential IoMT devices and non-essential devices like printers, security cameras, vending machines, and parking lot gates were using the same internet network. But 51% of IT teams never bother checking which devices are running in their network!
4) Ransomware Attack with a “Guaranteed Returns”
Ransomware attacks are hackers’ favorite game move when it comes to IoMT devices. According to Comparitech, 600 healthcare institutes were hit by 92 ransomware attacks in 2020. These attacks cost these organizations approx. $21 billion.
Once the hacker gets unauthorized access to a medical device, they can
- Disrupt its functioning,
- Shut them down temporarily,
- Make the stored data unavailable to view and use,
- Virtually lock/freeze the devices,
- Alter the test results and other data.
If something like this happens, the healthcare industry doesn’t get more time to respond as each minute is the question of life and death. When the critical IoMT devices stop working, the healthcare facilities will be in jeopardy if they don’t act fast, i.e., to eradicate the attack or pay the ransom. But due to the urgency of the situation, paying ransom often seems an easy way out.
5) No Measurable ROI
It’s true that the healthcare industry is one of the most revenue-generating ones, but its expenses are huge, too. From paying high salaries to medical and paramedical staff to buying heavy medical devices and supplies, it has to deal with many inflated costs. That’s why management often gives less priority to cybersecurity. It involves hiring a security team, CISO, CTO, MDR partners, pen testers or PTaaS providers, VMaaS providers, etc. Plus, you need to buy security tools like vulnerability scanners, firewalls, anti-malware programs, threat detectors, etc. These expenses often seem unnecessary without any measurable ROI. That’s why cybersecurity often takes a backseat, making it a soft target for attackers.
Conclusion
There are 10 to 15 million medical devices in U.S. hospitals, with an average of 10 to 15 devices per patient! According to Deloitte’s report, medical technology companies manufacture more than 500,000 different types of medical devices, and most patient interactions with the health care system involve the use of IoMT devices. The IoMT market will reach $158.1 billion in 2022.
It’s a huge and attractive market for hackers. Due to all the above-stated reasons, the healthcare sectors’ cybersecurity is already a challenging thing. When the world was going through the pandemic, the cybercrimes increased by 150% amid COVID-19 crisis! So, it is easy for attackers to find unpatched vulnerable devices, unsecured internet connections, and open ports connected to IoMT devices to hack them.
Around the Web
Loading…
Tags
Create your free account to unlock your custom reading experience.
0 Comments