Security

Securing Connected Medical Devices

SECURING CONNECTED MEDICAL DEVICES

iStock-831434332.jpg

MEDICAL DEVICES

These kinds of innovations face new and diverse threats not previously in existence. As soon as a medical device is connected in some way, either wirelessly or wired, using a persistent connection or one that is transient, either one-directional or bi-directional, the medical device becomes much easier to disrupt, and the potential disruption much more severe.

 
iStock-1027745330.jpg

The use of connectivity in healthcare devices to collect and disseminate real-time data for faster, more accurate analysis, or tailored treatment has certainly created a significant opportunity for medical professionals to improve diagnoses and treatment, and for healthcare providers to reduce operating costs and enable remote monitoring.

However, these devices also bring significant risks if security is not managed properly. These no only include risks to sensitive patient data, but to the patient themselves. When developing a device, or assessing the risks associated with using a device medical professionals and health IT departments there are criteria that should be considered.


CRITERIA THAT SHOULD BE CONSIDERED:

iStock-1174418677.jpg
  • To protect patient privacy, tokenization of patient identity should be used in data stores where feasible.

  • End-to-end encrypted data communications should be used to preserve confidentiality for communications that cross the Internet, although where possible patient data should not cross the internet.

  • Digital signatures should be used to preserve integrity. Highly-sensitive data such as firmware should only be accepted from authenticated end-points.

  • Where possible, Denial of Service attacks should be mitigated by only accepting connection attempts from trusted network zones or specific IP addresses; where this is not possible, connection attempts should be rate limited.

  • Where data flows in both directions, the security context should be mutually authenticated and cryptographic mechanisms including encryption and signature verification should be bidirectional.

  • System integrators must check that devices using encryption support compatible cipher suites which are sufficiently strong for the lifetime of the product or device.

  • To minimize the attack surfaces, unneeded platform services should be turned off.

  • Security controls should be enabled and only lenient when there is a sufficiently low risk to do.


 

Subscribe to Ignite to access expanded courses on Cybersecurity and so much more!

 


Ransomware in HIT

RANSOMEWARE IN HIT

Square-Resources-Thumbnail-RansomwareHIT.jpg

Ransomware has become more prevalent in recent years. Hackers are able to breach security and access up-to-date patient information. Then, they deny the hospital access to the records until they are paid the money they are requesting.

How Does Ransomware Infect?

Typically, ransomware infects victim machines in one of three ways:

  • Through phishing emails containing a malicious attachment

  • Via a user clicking on a malicious link

  • By viewing an advertisement containing malware


Beware of the following cyberattack techniques:

(Select the Title of each column to reveal the information inside the tabbed table.)


Fraudulent Emails

Fraudulent emails have included logos and other imagery associated with the Centers for Disease Control (CDC) and the World Health Organization (WHO). Emails include links to items of interest, such as "Updated cases of the coronavirus near you." Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.



Operational and Industry Disruption

The spread of COVID-19 is disrupting temporary supplies and revenue in some industries. Cybercriminals hope victims will mistake their malicious emails for legitimate ones. For example, emails with subject lines like “Coronavirus – Brief note for the shipping industry,” have been sent to employees of companies in industries being disrupted by the virus. Some campaigns have even been disguised to look like invoices, shipping receipts and job applications.



Hidden Malware

There has been a rise in malicious emails directing recipients to educational and health-related websites riddled with malware.Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software.



TIPS TO AVOIDING CYBERATTACKS:

  • Be skeptical of emails from unknown senders or familiar people (like your company’s CEO or your doctor) who do not usually communicate directly with you.

  • Don’t click on links or open attachments from those senders.

  • Don’t forward suspicious emails to co-workers.

  • Note grammatical errors in the text of the email; they’re usually a sure sign of fraud.

  • Report suspicious emails to the IT or security department.

DOWNLOAD A “ransomware-in-hit” INFOGRAPHIC BELOW:


 

After downloading that infographic, Subscribe to Ignite to access self-paced courses, expert-led intensives, other engaging Healthcare IT learning activities, and more!