Connected medical devices put healthcare at risk for sophisticated malware attacks

Connected medical devices that lack security features offer a pathway for coordinated cyberattacks.

Healthcare is one of three industries facing the highest risk of a cyberattack in 2017, particularly as patient records and medical devices have become more interconnected.

Along with the financial and energy sectors, healthcare has emerged as an ideal target for hackers, according to a report released by the Institute for Critical Infrastructure Technology (ICIT). Previous reports have shown that the healthcare industry faces at least one cyberattack each month, and more sophisticated breaches involving ransomware are expected in the coming year amid ongoing concerns regarding cybersecurity capabilities.

Although providers have been a frequent target of cyberattacks in the past, ICIT notes that the healthcare industry is fortunate that more serious attacks haven’t disrupted patient care or placed patients at risk for harm. A larger scale attack using Mirai malware—which turns computer systems into malicious bots—could have more widespread and devastating consequences.

The growing use of connected medical devices ranging from MRI machines to pacemakers presents a new and especially difficult risk. Most of these devices lack built-in security features and could be used as part of a multi-tiered attack.

ICIT recommends that each industry consider the long-term consequences of existing cybersecurity tactics, improve organizational security controls, and develop actionable incident response plans to prepare for distributed denial of service (DDoS) attacks. At a higher level, regulators need to do more to ensure that Internet of Things (IoT) devices include the necessary security features, and the cybersecurity community needs to focus on developing open source code for IoT software.
