Connected medical devices put healthcare at risk for sophisticated malware attacks

Cybersecurity
Connected medical devices that lack security features offer a pathway for coordinated cyberattacks.

Healthcare is one of three industries facing the highest risk of a cyberattack in 2017, particularly as patient records and medical devices have become more interconnected.

Along with the financial and energy sectors, healthcare has emerged as an ideal target for hackers, according to a report released by the Institute for Critical Infrastructure Technology (ICIT). Previous reports have shown that the healthcare industry faces at least one cyberattack each month, and more sophisticated breaches involving ransomware are expected in the coming year amid ongoing concerns regarding cybersecurity capabilities.

RELATED: Healthcare gets a 'D' on cybersecurity report card

Although providers have been a frequent target of cyberattacks in the past, ICIT notes that the healthcare industry is fortunate that more serious attacks haven’t disrupted patient care or placed patients at risk for harm. A larger scale attack using Mirai malware—which turns computer systems into malicious bots—could have more widespread and devastating consequences.

The growing use of connected medical devices ranging from MRI machines to pacemakers presents a new and especially difficult risk. Most of these devices lack built-in security features and could be used as part of a multi-tiered attack.

RELATED: Cybersecurity: What 2016 taught the healthcare industry

ICIT recommends each industry consider the long-term consequences of existing cybersecurity tactics, improve organizational security controls, and develop actionable incident response plans to prepare for distributed denial of service (DDoS) attacks. At a higher level, regulators need to do more to ensure the Internet of Things (IoT) devices include the necessary security features, and the cybersecurity community needs to focus on developing open source code for IoT software.