14 DAY TRIAL // In the past period, numerous experts and even government organizations have issued warnings about the cyber threats that stalk medical devices such as insulin pumps, pacemakers and defibrillators.
Bitdefender has issued a warning of its own, along with some important advice for medical centers.
The main problem stems from the fact that most of the modern medical devices are connected to the Internet, or at least they have a piece of software that’s used to control them.
“An unspoken law of IT security is that any vulnerability will eventually be exploited. Patients risk losing their pe rsonal data, and systems within the hospitals may slow down and even become unresponsive if infected,” Bitdefender Chief Security Researcher Alexandru Balan explained on the company’s HotForSecurity website.
“The scenarios that may derive from this may very well look like crime movies. Hackers can perform attempts at patients’ lives, steal information about high profile or public figures, and use them as a beachhead for other social-engineered targeted attacks.”
Cyber incidents that involve medical devices can be prevented if manufacturers make sure that the software embedded into them is secured properly.
However, there’s another attack vector: the command and control devices housed by medical centers.
In order to prevent cyberattacks, these institutions must always ensure that their computers are running up-to-date antivirus solutions.
Furthermore, the operating system must be kept updated at all times, since many attacks leverage bugs in the OS itself, not third-party applications.
When communicating through Virtual Private Network (VPN) services, organizations should ensure that a strong encryption is set in place.
The bring-your-own-device (BYOD) trend raises a lot of concerns for organizations, including medical centers. That’s why proper policies must exist to avoid any unwanted situations.
Wi-Fi networks should be kept separately from the infrastructure that handles critical operations since wireless connections are often exploited to gain access to restricted networks.
Finally, Intrusion Detection Systems (IDS) are highly recommended since they can sound the alarm if any breach attempts are detected.