Two overlooked healthcare areas vulnerable to cyberattacks

A research paper from Trend Micro and HITRUST looked at exposed medical devices and supply chains, both of which are neglected network risks in hospitals.

A recent research paper from Trend Micro and HITRUST examined two neglected network risks in hospitals: exposed medical devices and supply chains.

As part of the report, called “Securing Connected Hospitals,” researchers dug deeper into both areas.

They used Shodan, a search engine for internet-connected devices, and uncovered various exposed medical systems, healthcare software interfaces and misconfigured hospital networks. None of the information should be public. Though the information is exposed, that doesn’t necessarily mean it’s vulnerable. Still, the fact that it’s exposed means attackers could penetrate organizations and install ransomware.

In the supply chain realm, researchers identified a variety of threatened areas, including:

  • Firmware attacks on devices. Attackers are able to access and alter the firmware source code of a medical device and add backdoors.
  • Compromises to mHealth mobile apps. These apps can be compromised for various reasons, including to deliver a fatal-level dosage, expose PHI, cause HIPAA violations and penetrate other company systems.
  • Compromises to source code during manufacturing. By installing a backdoor, hackers can access and change a vendor’s source code. This can result in malware infections, since many hospitals tend not to test device security before network installation.
  • Insider threats. These can come from both hospital staff members and vendor staff and can be either intentional or unintentional. Background checks are crucial to preventing insider threats, but sometimes such checks aren’t thorough enough.
  • Compromises to websites, EHRs and other hospital software. Perpetrators may seek to compromise these systems, particularly web-based EHRs that suffer from common vulnerabilities.
  • Phishing from a trusted email account. In this scenario, attackers send seemingly legitimate emails to clients. They masquerade as an executive and request a list of employees and W-2 information or a wire transfer to a certain bank account.
  • Third-party vendors. Because they have credentials including badge access, logins and passwords, they can work to compromise a network. Sometimes third-party vendors even store physical records or medical equipment, making an attack that much easier.

The report lists a variety of recommendations to mitigate the risk of cyber problems.

On the technical side, researchers suggested breach detection systems, regular Shodan scanning and anti-phishing solutions for email scanning. In addition to technology safety measures, they encouraged hospitals to ensure IT staff — and all employees, for that matter — are adequately trained and informed of the dangers of cyberattacks.

To manage supply chain threats, hospitals should perform a vulnerability assessment of new medical devices and perform risk assessments on all vendors in the supply chain.

Photo: mattjeacock, Getty Images