Hacking attempts targeting medical devices can have dire consequences. A successful breach can put lives at risk while imperiling a provider’s entire data infrastructure. Ransomware schemes are often successful because of this.
Small practice owners in particular often face pronounced risk because cyber criminals may see them as easier targets. We’ve found that bad actors are often size-agnostic, targeting whomever they can hack. Healthcare devices are at risk regardless of whether they’re in big hospitals or in small practices—and sometimes it’s the smaller providers that are most vulnerable.
Though it’s impossible to entirely eliminate cybersecurity risk, accurate inventory, hidden device networks, and regular monitoring are ways in which providers can meaningfully improve their organization’s defenses.
1) Take stock
This is made more complicated by the fact that providers often maintain inventory in several physical locations, all of which utilize the same network.
If, because of these issues, a provider lacks a complete inventory, its devices are particularly vulnerable. In that case, a hacker need only access a single, unsecured device to gain control of the entire data infrastructure. And, without an inventory, a hospital may not even notice the breach.
It is therefore essential that hospitals and practices take and maintain a complete and accurate inventory of all their devices. Doing so will help them better track and monitor their devices and thereby better secure them.
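One way to keep such an inventory honest is to reconcile it regularly against what is actually on the network. The sketch below is an added example, not part of the original article: it merges per-site inventory lists and compares them with devices observed on the shared network. The site names, MAC addresses, IP addresses and the idea of exporting observations from DHCP leases or a switch are all assumptions, and the data is constructed.

```python
# Added example: reconcile per-site device inventories against devices
# observed on the shared network. All names and data here are constructed.

def normalize_mac(mac):
    """Canonical lower-case, colon-separated form so formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(site_inventories, observed):
    """site_inventories: {site: [(mac, description), ...]}
    observed: [(mac, ip), ...], e.g. exported from DHCP leases (assumption).
    Returns devices that are unknown, missing, or listed at several sites."""
    known = {}  # mac -> [(site, description), ...]
    for site, devices in site_inventories.items():
        for mac, desc in devices:
            known.setdefault(normalize_mac(mac), []).append((site, desc))
    seen = {normalize_mac(mac): ip for mac, ip in observed}
    return {
        # On the network but in no inventory: investigate first.
        "unknown": sorted((m, ip) for m, ip in seen.items() if m not in known),
        # Inventoried but not seen: powered off, moved, or retired?
        "missing": sorted((m, e[0][0], e[0][1])
                          for m, e in known.items() if m not in seen),
        # Same device recorded at more than one location: records disagree.
        "multi_site": sorted((m, sorted({s for s, _ in e}))
                             for m, e in known.items()
                             if len({s for s, _ in e}) > 1),
    }

# Constructed sample data: two locations sharing one network.
INVENTORIES = {
    "main-hospital": [("00:1A:2B:00:00:01", "infusion pump"),
                      ("00-1A-2B-00-00-02", "patient monitor")],
    "clinic-east": [("00:1a:2b:00:00:03", "ultrasound"),
                    ("00:1A:2B:00:00:02", "patient monitor")],
}
OBSERVED = [("00:1a:2b:00:00:01", "10.0.5.11"),
            ("00:1a:2b:00:00:02", "10.0.5.12"),
            ("00:1a:2b:00:00:99", "10.0.5.40")]

if __name__ == "__main__":
    for category, rows in reconcile(INVENTORIES, OBSERVED).items():
        print(category, rows)
```

A MAC address match does not prove a device is the inventoried one, since MAC addresses can be changed, so treat the output as a list of things to verify rather than a verdict.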
2) Hidden networks
Such a tactic may enable a simple phishing scam, targeted at a single employee working on the network, that can bring the entire hospital or practice to its knees.
For this reason, healthcare providers should utilize a hidden network exclusively for their medical devices. This:
3) Vigilant monitoring
Hospitals can now be hacked through devices as small as an insulin pump. As their risk profile dramatically increases, they require constant, vigilant system monitoring, during which a provider surveys their systems, patches their vulnerabilities, and secures their data.
With effective monitoring and regular threat-profile updates, hospitals and healthcare groups can preempt a looming cyberattack instead of suffering at the hands of one.
Ray Hillen is managing director at Agio, a hybrid managed IT and cybersecurity services provider.