Cyber security: medical devices open to hack attack

IT vulnerabilities within healthcare technology across critical medical systems, networking equipment and interconnected devices has the potential to affect us all. 

Tech news site, The Register, reported in September that researchers found thousands of hospital devices online are open to attack. These included MRI scanners, pacemakers, and cardiology equipment. They were able to discover exposed equipment from a range of healthcare organisations via the internet, including one business in the U.S. exposing more than 60,000 medical systems.

These vulnerabilities are particularly relevant because of the value of the information cyber criminals can steal: personalised patient medical records, clinical trials results and sensitive intellectual property can be significantly more valuable than credit card details gained from phishing or ransomware pay-outs.

The industry-wide implications of a data breach or hacking incident could have enormous ramifications if patients’ confidential and sensitive medical records were exposed. Where critical medical systems are affected, this could even cost lives.

In this new era of digitised medicines and technological developments such as wearables and internet-connected devices, data and software security is paramount. It is vital that healthcare and life science companies take note of these findings and understand the wide range of threats they are facing in order to protect their customers, patients, employees, reputation and ultimately their business.

The research findings here have illustrated that across healthcare technology, the lack of security awareness acts as an unlocked door to cyber criminals. This highlights the importance for all businesses of understanding critical risks and implementing best in class controls, for example regular security audits, updating computer software, anti-virus tools and malware detection services.

These are the key to locking-down your systems from unauthorised entry, ensuring the would-be hacker looks elsewhere.

This article is part of a Cyber Security blog series by Scott Sayce, Underwriting Director at CNA Hardy, and has been reproduced with permission. To read more of Scott’s blogs, or for more information about CNA Hardy, click here.