Tag: medical device hacking

Medical Devices are Attacked Every 20 Seconds: Here Is How to Protect Them

By Daniel Trivellato, vice president of healthcare and cyber risk solutions, Forescout.

A recent honeypot study revealed that every 20 seconds, somewhere in the world, a cybercriminal targets a medical imaging device. In the time it takes to check a patient’s vital signs, multiple attackers may be actively trying to breach the very systems designed to provide vital healthcare information and keep us alive.

While connected devices have become increasingly prevalent in healthcare, many healthcare organizations fail to adequately protect them. Recent research examining over 2 million devices across 45 healthcare organizations revealed that approximately half of all devices in healthcare networks are now Internet of Medical Things (IoMT), Internet of Things (IoT), operational technology (OT) or building automation devices. These are more than simply administrative systems: devices such as patient monitors, infusion pumps, and imaging systems play a direct role in influencing patient outcomes.


Of the 306 medical device vendors observed, the research finds that medical devices are running on 110 different operating systems, making the complexity of securing these networks truly staggering.

While household names like Philips, GE Healthcare, and Baxter are major players in the space, these organizations only represent 40% of the vendor landscape. The remaining 60% is a fragmented maze of smaller providers, each with its own potential vulnerabilities.

Perhaps most alarming is the dramatic rise in exposed Digital Imaging and Communications in Medicine (DICOM) servers. Between August 2022 and May 2024, we’ve seen a 27.5% increase in exposed servers, with the majority of exposed devices located in the United States, India, Germany, Brazil, Iran, and China. Across all IoMT devices, our research uncovered 162 vulnerabilities, with half of the most critical flaws found in Windows-based systems.

Recent breaches have had real-world impact on both health systems and patients. In 2023, healthcare organizations experienced an average of 1.6 data breaches per day, with each incident affecting approximately 200,000 patients. This isn’t just about compromised data – it’s about real people whose private medical information is at stake.

When personal medical device data is stolen, patients can face serious personal risks, including identity theft, insurance fraud, and emotional distress. Many cybercriminals leverage stolen medical records to create sophisticated phishing schemes, impersonate patients to obtain prescription medications, or even blackmail individuals with sensitive health information. Patients may also experience emotional distress following a breach of personal information, feeling vulnerable knowing their most intimate health details have been exposed.


New Trend in Cyber Attacks Targeting Connected Medical IoT Devices and the Patients That Use Them

Zingbox, provider of a healthcare Internet of Things (IoT) analytics platform, announced new research demonstrating that hackers are leveraging error messages from connected medical devices (including radiology, X-ray and other imaging systems) to gain valuable insights. These insights are then used to refine the attacks, increasing the chance of a successful hack.

“Hackers are finding new and creative ways to target connected medical devices. We have to be in front of these trends and vulnerabilities before they can cause real harm,” said Xu Zou, Zingbox CEO and co-founder. “We make it our mission to assist and collaborate with device manufacturers to ensure the security and uninterrupted service of connected medical devices.”

The information-gathering phase of a typical cyberattack is very time-intensive: it is where hackers learn as much as they can about the target network and devices. By simply monitoring the network traffic for common error messages, hackers can gain valuable insight into the inner workings of a device’s application: the type of web server, framework and versions used; the manufacturer that developed it; the database engine in the back end; the protocols used; and even the line of code that is causing the error. Hackers can also target specific devices to induce error messages. With this information, the information-gathering phase is greatly shortened and they can quickly tailor their attack to the target device.
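A defensive check for the disclosure categories listed above, as an added example that is not part of the original article or Zingbox's research: it scans a captured HTTP error response from a device's web interface for server, framework, database and source-location leaks. The header names, regex signatures and both sample responses are assumptions constructed for illustration.

```python
import re

# Response headers that reveal the server or framework. All signatures here
# are common examples picked for this sketch, not a vendor-specific list.
HEADER_LEAKS = {
    "server": "web_server",
    "x-powered-by": "framework",
    "x-aspnet-version": "framework_version",
}
BODY_LEAKS = {
    "database_engine": re.compile(r"ORA-\d{5}|SQLSTATE\[\w+\]|Microsoft SQL Server|MySQL"),
    "code_location": re.compile(r"\S+\.(?:cs|vb|java|php)(?::line\s+|:|\s+on line\s+)\d+"),
}

def find_disclosures(raw_response: str) -> dict:
    """Return {category: leaked string} for one raw HTTP response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        category = HEADER_LEAKS.get(name.strip().lower())
        if sep and category and value.strip():
            findings[category] = value.strip()
    for category, pattern in BODY_LEAKS.items():
        match = pattern.search(body)
        if match:
            findings[category] = match.group(0)
    return findings

# Constructed sample: a verbose error page of the kind the paragraph describes.
VERBOSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "\r\n"
    "<pre>ORA-00942: table or view does not exist\n"
    "   at Viewer.Study.Load() in C:\\app\\Study.cs:line 118</pre>"
)
# Constructed sample: the same failure with banners removed and a generic body.
HARDENED = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "An error occurred. Reference: 7f3a2c"
)

if __name__ == "__main__":
    for label, response in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, find_disclosures(response))
```

An empty result for a device's error responses means none of these signatures matched; it does not prove the response leaks nothing.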

Zingbox’s research discovered that:

“Imagine how much more effective hackers can be if they find out that a device is running on IIS Web Server, using Oracle as backend and even gathering usernames,” said Daniel Regalado, principal security researcher at Zingbox and co-author of Gray Hat Hacking. “That will help them to focus their attack vectors towards the database where PHI data might be stored.”

The research also revealed that the healthcare industry has made great strides in collaborating across providers, vendors and manufacturers: there was a rapid response and a willingness to generate patches for their medical devices from three out of seven manufacturers whose devices were included in the study. However, there is still work to be done to convey the urgency of these findings and to increase collaboration between security vendors and device manufacturers.