Ransomware emerging as medical device cybersecurity threat

Malware threat transitioning from health IT environments to medical devices, says Marty Edwards.

Healthcare IT executives have had their hands full trying to protect health data from ransomware. But providers will see medical devices increasingly targeted by this kind of file-encrypting malware, according to a Department of Homeland Security official.

The threat landscape for medical device cybersecurity is rapidly evolving because of the widespread adoption of Internet of Things (IoT) technology, contends Marty Edwards, director of the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.

“It’s only a matter of time before we see some sort of significant type of events that involve patient safety that are cyber enabled,” said Edwards, at a HIMSS17 pre-conference symposium in Orlando on Sunday. “There have been a lot of healthcare providers and hospitals that have fallen prey to ransomware.”

Also See: Ransomware, malware are top exploits of cyber criminals

Edwards noted that at last week’s RSA Conference in San Francisco there was wide discussion around the probability of ransomware transitioning from the healthcare IT environment, where it is now, to the clinical environment.

“What happens when that moves into the operating room, and you actually cannot use the machinery that you need to and it’s held ransom for so many bitcoins?” he asked the HIMSS17 audience.

When it comes to “ransomware moving into the embedded device” area, Edwards said it’s not a matter of “if” but “when” given that the “proof-of-concept code is already in existence for that.” As a result, he believes that this could be the year that medical devices get hit with the equivalent of the malicious computer worm Stuxnet, which damaged Iran’s nuclear program.

In September 2015, the Federal Bureau of Investigation issued an alert warning about the cybersecurity risks that networked medical devices pose to patients. According to the FBI, IoT devices—which connect to the web automatically sending or receiving data, including medical devices such as wireless heart monitors and insulin dispensers—pose a potential threat to patient health as hackers could change the coding controlling the dispensing of medicines.

According to Edwards, the healthcare industry does not have the “device-based instrumentation to even be able to log some of these security events in these environments.”

“By connecting into the Internet, we’ve actually created a threat surface that has ballooned,” said Denise Anderson, president of the National Health Information Sharing and Analysis Center, a non-profit organization dedicated to protecting the health sector from physical and cyber attacks and incidents.

Anderson added that “it’s not just about data—with ransomware attacks it can affect an organization’s operations, so it’s about continuity of operations as well as the integrity of data.”

More for you

Loading data for hdm_tax_topic #care-team-experience...