Healthcare needs to defend devices, apps. Stat!
A study found that healthcare organizations are wrongly focusing just on protecting patient data while ignoring potential attacks against medical devices and apps.
Healthcare facilities are focusing their defensive efforts in the wrong place by primarily trying to protect patient information while ignoring other avenues of cyberattack against medical devices and applications.
A 71-page report by Independent Security Evaluators (ISE) that studied healthcare facilities, data centers, medical devices and software applications for cyber weaknesses found that medical facilities not only defend mainly against single and small groups, while underestimating the potential threat posed by terrorist and nation-state cybercriminals, but also use antiquated equipment and procedures.
ISE ran a series of attacks and found it was a simply matter to crack a hospital's network enabling it to manipulate medical gear in a way that would endanger the patient. Another attack mode had teams placing malware-laced USB sticks in the facility that were picked up and inserted into medical equipment by staffers and found that within 24 hours the planted malware had appeared in the system.