Healthcare requires security care too

Read time 2min 20sec
ITWeb Security Summit 2016

Don't miss the definitive event for security professionals:
17-18 May (conference and expo), 19 May (workshop)
Vodacom World, Midrand
Book today!

Modern medical devices are fully-functional computers with an operating system and most have a communication channel to the Internet. By hacking them, criminals could interfere with their functionality.

This is according to Kaspersky Lab's recent research on a private clinic in an attempt to explore its security weaknesses and establish how to address them.

The report says vulnerabilities were found in medical devices that opened a door for cyber criminals to access patients' personal data, as well as their physical well-being status.

A massive malicious attack is only one way in which criminals could exploit the IT infrastructure of a modern hospital, it adds.

PwC's recent report says from mobile apps to insulin pumps, medical devices are increasingly connected to the Internet.

By 2020, Internet-connected healthcare products are expected to be worth an estimated $285 billion in economic value. But connectivity comes with a price - vulnerability to hackers and criminals, it adds.

According to the Verizon 2015 Data Breach Investigations Report, the global healthcare sector experienced 234 security incidents and 141 data breaches in 2015.

As the Internet of things revolution compounds the security problem with real-time patient data, healthcare organisations must embrace innovative data security technologies to meet security and compliance requirements, says Bitglass Report.

The outcome of a cyber attack against a medical organisation could differ in detail but will always be dangerous, says Kaspersky.
The outcome of a cyber attack against a medical organisation could differ in detail but will always be dangerous, says Kaspersky.

The outcome of a successful cyber attack against a medical organisation could differ in detail but will always be dangerous, says Kaspersky Lab.

Security breaches can lead to the felonious use of personal patient data - that is the resale of information to third parties, or demanding the clinic pay a ransom to get back sensitive information about patients, it adds.

Clinics no longer consist of only doctors and medical equipment, but IT services too. The work of a clinic's internal security services affects the safety of patient data and the functionality of its devices, says Sergey Lozhkin, senior researcher at Kaspersky Lab.

"Medical software and equipment engineers put a lot of effort into creating a useful medical device that will save and protect human life, but they sometimes completely forget about protecting it from unauthorised external access."

Lozhkin points out when it comes to new technologies, safety issues should be addressed at the first stage of the research and development process, and IT security companies could help at this stage to address safety issues.

PwC says device manufacturers need to be proactive and companies should conduct routine security assessments to review device vulnerabilities. Incentives should be offered to "white hat" security researchers to identify and responsibly disclose unknown vulnerabilities, it adds.

Regina Pazvakavambwa
ITWeb portals journalist.

Regina Pazvakavambwa is an experienced Journalist with a demonstrated history of working in the online media industry. She has worked for ITWeb for about four years. She is a strong media and communications professional with an Honours in Media Management focused in Communication Journalism, and related programmes. She is also a coffee and social media addict, loves photography and reading. She has ambitions of being a bestseller author….writing her first page as we speak.

Have your say
a few seconds ago
Be the first to comment