Medical devices and how hackers target them

The healthcare industry has been growing and so have the number of cybercriminal attacks targeting it. By 2020, there was a 69% rise in cyber-attacks in all sectors of the healthcare industry and when the COVID-19 pandemic started, medical systems worldwide took a heavy blow, escalating those numbers even higher.

With the rise of the Internet of Medical Things (IoMT), medical devices are becoming increasingly more prominent in the healthcare industry. This, however, does not come without its risks.

Hackers are using medical devices to springboard deeper into medical system networks. This article explores the motives as well as the methods used to access medical devices.

Top reasons why Health Delivery Organizations (HDOs) are cybersecurity targets

Health Delivery Organizations (HDOs) are one of the favorite targets of hackers. Ransomware hit 66% of HDOs in 2021, marking a significant increase over the year before. As a result, Medical Device Manufacturers (MDMs) are under pressure to conform to strict security measures as the attacks are having more of an impact.

HDOs are targeted by hackers for:

• A higher likelihood of paying the ransom as their operations are critical
• Protected Health Information (PHI), which includes a patient’s sensitive medical records
• High-value information re-sold on the cybercriminal marketplace
• Their lack of sophisticated cybersecurity defenses

As a result, healthcare is a lucrative industry to hack and therefore needs urgent attention.

How do hackers benefit when targeting medical devices?

Medical devices come with potential vulnerabilities that, if exploited, can threaten both caregivers and patients. While it is scary to think hackers can potentially gain access to a medical device, it’s good to understand what they stand to gain and how they can be stopped.

A few major reasons why hackers target medical devices include:

• Accessing PHI of patients and selling it for profit on the black market. These records can be more profitable than stolen credit cards when sold. In many cases the PHI is resold for others to carry out fraudulent activities.
• Planting ransomware to threaten HDOs, where the threat actors demand large amounts of money from the victims. The malicious software holds business and operational critical data and systems ransom, preventing access until their price is paid. This costs hospitals greatly and leaves the hacker with complete control.
• Hackers reach deeper into the network by starting with medical devices. They can lurk and wait for the best moment to strike.
• Earning digital currencies through crypto mining. This has been a growing concern surrounding compromised connected devices. Botnets (a network of compromised machines), infect online devices and steal resources for these mining activities.

What kind of potential vulnerabilities do medical devices have?

Connected and implanted medical devices often come with critical vulnerabilities that attackers target. In order to mitigate these vulnerabilities and protect against malicious software, it is important to understand what they do and how hackers can use them to accomplish their objectives.

• Log4j vulnerability has become a hot topic in cybersecurity since its publication in December 2021. It concerns the Java Framework called Apache ‘Log4j’ and when exploited by executing arbitrary code, grants unauthorized access to medical devices. The vulnerable code has been identified in over 3 billion devices.
• Maui ransomware is a unique threat that was identified in April 2021 and differentiates itself from other ransomware by requiring manual execution to pick the most important files. This strategy has allegedly also been deployed by state-sponsored actors on the healthcare industry with ‘surgical precision’.
• WannaCry ransomware exploded in 2017 infecting almost 230,000 Windows-run systems. It had significant attacks on hospitals, one of which caused widespread disruptions in the British National Health Service, canceling about 20,000 appointments. The vulnerability has the potential to rapidly spread through networks, gaining access to devices and locking the computer system until the ransom is paid.
• URGENT/11 was discovered by a leading cybersecurity expert in 2019, to be a major security concern, involving third-party software called IPnet. Communicating with multiple computers over a given network, the threat was found to affect almost 6 different operating systems across the list of devices.

How can you combat the attacks on your medical devices?

While HDOs play a part in dealing with the larger attack surface of the entire hospital network, MDMs must have an action plan in place. For the best method for defending against these attacks, MDMs need to make sure both the pre-market and post-market security strategies are in place.

The first stage of these strategies includes designing devices with secure-by-design and state-of-the-art techniques. The second deals with the combined efforts of remaining alert, building risk assessment plans (including patching and vulnerability monitoring) and having a strong vulnerability disclosure policy.

In addition, MDMs should follow updated cybersecurity industry regulations and guidelines in order to help secure medical devices, ensuring patient safety.

Need guidance on getting started?

Reach out to us to get one step closer to secure medical devices.