The healthcare industry has raised concern regarding the Ransomware and other viruses, as the systems are noticing constant trouble due to cyber-attack on automatic software and firmware updates. The rise in the attack on the medical devices is due to the development of internet-connected medical devices, these attacks are worsened due to the other troubling type of attack known as the “Shadow hammer attacks”, this is a malware which is also very hard to prevent or protect.
It is estimated last year around 40 Million instances of breach of personal records were recorded in the healthcare industry, although the main reason for this is given to be either the device is serving a life-saving function and an update can complicate the situation or the devices can fail and lead to serious implications, Furthermore the part of problem is that most of the devices are bought in by the medical staff and no one bothers informing the IT or security team.
The systems on which the devices are build are IOT based, and IOTs are known to be very notorious for being difficult to patch, in 2019, health administrations continued to get hit with data breaches and ransomware attacks, leaving the sector in an estimated $4 billion loss. Five US healthcare administrations informed ransomware attacks in a particular week last June. A Michigan based medical practice had to be closed down last year after they refused to pay ransomware to the attackers.
Dr. Saif Abed, CEO of Clinical Cyber Defense Systems, believes that the only way to tackle this issue is by implementing a “Zero trust approach”, to verify the credentials of every individual trying to get into the system, unrelatedly of whether they are inside or outside the network premises, the reality should revolve around understanding the basics, knowing when, what and who are connecting to your devices, then identify the exposure and have a patching strategy.