Next Previous

Hospitals: Are you prepared for IoT in the ICU?

1 February, 2017

A case could be made that no industry has been as adversely affected by cyberattacks in the past few years as health care. By March, The Washington Post had already determined that 2015 was "the year of the health care hack." It wasn't hard to see why: Between Anthem and Premera alone, more than 90 million patients had already had their electronic health records compromised.

Unfortunately, it appears health care hasn't faired any better in 2016. In fact, the sector witnessed a 63 percent year-over-year increase. Much of that growth likely came in the form of ransomware. In fact, an estimated 88 percent of all ransomware attacks targeted health care institutions as of September 2016, according to Healthcare IT News.

But some of these new attacks originated with a silent and potentially deadly type of attack: medical device hijacking. 

How medjack works

While the use of Internet of Things endpoints in hospitals for medical functions has led to innovation in patient care, it has also had the unfortunate consequence of creating new attack vectors. Hackers have taken notice. 

Nasty new strains of malware that become embedded in IoT medical devices are capable of moving laterally on the network in search of medical endpoints that have a strong probability of connecting to electronic health records. Beyond that, hackers might hijack a medical IoT device to enlist it in a botnet army that will be used to launch a DDoS attack. As ThreatPost contributor Tom Spring so alarmingly put it, "there is a chance that life-saving dialysis machine is infected with malware, could even be processing fraudulent credit card transactions, or is part of a DDoS attack as it cleans your blood."

As scary as that sounds, the most frightening prospect is the idea that a digital medical device might be unable to perform a life-saving function as a result of a cyberattack. There is no precedent for such an attack yet, but if Stuxnet taught us anything, it's that malware can indeed physically damage critical equipment. If it can happen to a nuclear centrifuge, why can't it happen to a pacemaker or a life-support system?

Medjack malware such as Conficker is infecting medical devices in search of patient records.Medjack malware such as Conficker is infecting medical devices in search of patient records.

Detecting and responding to network abnormalities will be critical

Realizing the benefits of medical IoT without putting patient data or their well-being at risk will require a robust security operation center capable of monitoring the entire network and device ecosystem for behavioral abnormalities in real time. Advanced analytics are central to this threat detection endeavor due to the volume and complexity of activity on a modern network. Once threats are detected, network administrators must have an incident response plan in place that lets them minimize the potential for damage in the most efficient manner possible.

Taking this threat detection and response approach to cybersecurity will be critical to managing IoT in the ICU, and the many other wings of hospitals that now rely on connected devices.