The devices that reveal the inner workings of the human body can also expose healthcare organizations to lethal attacks by hackers who use medical equipment to infect computer systems with ransomware.
Ransomware, the malicious software that encrypts a victim's data and demands payment for the key to unlock it, has evolved over the past decade into a sophisticated, multi-billion-dollar criminal industry. The WannaCry attack earlier this year, which hit some 200,000 Microsoft Windows machines in more than 150 countries, is the most visible recent example.
According to a report released by the U.S. Department of Homeland Security, the healthcare field remains one of the richest targets for ransomware attacks because of its need for immediate access to patient records.
But how does a ransomware infection make the leap from medical devices like MRIs into the heart of practice computer systems?
Entry through back doors
Medical devices are often reachable outside the normal network login requirements because manufacturers keep a separate, backdoor channel open for maintenance. Attackers abuse that access point to gain an initial foothold on the network. From there the malware can spread quickly through the rest of the system, because MRIs, CT machines and ultrasounds sit on the same network that carries their images and records to medical staff.
Once they get in, hackers can wreak havoc on medical organizations, as they did to the National Health Service in the UK during the WannaCry attack or at Hollywood Presbyterian Hospital. The latter paid $17,000 in bitcoin to ransomware bandits who froze the hospital’s data for more than a week in 2016.
Most WannaCry victims were running Windows 7, which Microsoft still patches. Medical devices are even more exposed, because many of them run older legacy systems such as Windows XP, for which Microsoft no longer issues routine security updates, so known flaws on those devices stay open long after they are fixed elsewhere.