Healthcare requires security care too

By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 29 Mar 2016

Modern medical devices are fully functional computers with an operating system and most have a communication channel to the Internet. By hacking them, criminals could interfere with their functionality.

This is according to Kaspersky Lab's recent research, conducted at a private clinic in an attempt to explore its security weaknesses and establish how to address them.

The report says vulnerabilities were found in medical devices that opened a door for cyber criminals to access patients' personal data, as well as their physical well-being status.

A massive malicious attack is only one way in which criminals could exploit the IT infrastructure of a modern hospital, it adds.

PwC's recent report says that, from mobile apps to insulin pumps, medical devices are increasingly connected to the Internet.

By 2020, Internet-connected healthcare products are expected to be worth an estimated $285 billion in economic value. But connectivity comes with a price - vulnerability to hackers and criminals, it adds.

According to the Verizon 2015 Data Breach Investigations Report, the global healthcare sector experienced 234 security incidents and 141 data breaches in 2015.

As the Internet of things revolution compounds the security problem with real-time patient data, healthcare organisations must embrace innovative data security technologies to meet security and compliance requirements, says a Bitglass report.

The outcome of a successful cyber attack against a medical organisation could differ in detail but will always be dangerous, says Kaspersky Lab.

Security breaches can lead to the felonious use of personal patient data - that is, the resale of information to third parties, or demanding that the clinic pay a ransom to get back sensitive information about patients, it adds.

Clinics no longer consist of only doctors and medical equipment, but IT services too. The work of a clinic's internal security services affects the safety of patient data and the functionality of its devices, says Sergey Lozhkin, senior researcher at Kaspersky Lab.

"Medical software and equipment engineers put a lot of effort into creating a useful medical device that will save and protect human life, but they sometimes completely forget about protecting it from unauthorised external access."

Lozhkin points out that, when it comes to new technologies, safety issues should be addressed at the first stage of the research and development process, and IT security companies could help at this stage to address them.

PwC says device manufacturers need to be proactive and companies should conduct routine security assessments to review device vulnerabilities. Incentives should be offered to "white hat" security researchers to identify and responsibly disclose unknown vulnerabilities, it adds.