Mobile security a growing concern for hospitals

August 24, 2016
According to the study 82 percent of hospitals surveyed expressed grave concerns about their ability to support and protect mobile devices, patient data, and the hospital’s technology infrastructure. Their concerns are a result of the growing threat of cybersecurity attacks on mobile devices as these devices are used more often and more frequently for a growing number of applications. The threat, writes mhealthwatch, is indeed growing.

Mobile devices such as smart watches, smart glasses (Google Glass e.g.), smartphones and tablets are very helpful when it comes to easier acces to patient data, diagnostic tools et cetera. But these devices can introduce vulnerabilities to the hospital’s network and infrastructure through new attack vectors that include:

  • Malware – designed to penetrate networks, steal information, and cover up its tracks
  • Blastware – designed to destroy or disable a system when detected
  • Ransomware – designed to block access to a computer system until money is paid.Mhealthwatch adds that hospitals surveyed were particularly concerned about personally-owned mobile devices used by physicians and advanced practice nurses. BYOD and other such trends increase the need for stricter policies concerning the clinical use of privat devices on the hospital’s infrastructure.

Health sector most threatened by malware

Last July security company TrapX stated the health care sector has become one of the most threatened industries when it comes to malware, cyberattacks et cetera.  It is under attack more  often these days than industries such as financials and retailing.

A good example a new version of the Conficker-malware,  that is specifically targeting connected medical equipment. The threat is serious, because a lot of connected equipment in for example hospitals have low levels of security, TrapX states in a press release concerning the report Anatomy of an Attack – Medical Device Hijack 2” (MEDJACK 2).

Often these devices push to or receive data from databases (like EHR’s) full of patient information. If they have been infected with malware, cybercriminals can gain access to the patient information. Mostly these days that is the ‘gold’ cybercriminals are after. They have little or no interest in seizing medical equipment in order to hurt patients, though it’s possible ransomware can infect a device, making hospitals pay money if they want to use a device again.

Standard security

Last May Deloitte released a study showing hat over half the hospitals surveyed used standard passwords (i.e. factory settings) to secure their connected medical equipment. Of the 24 hospitals surveyed in nine EMEA countries . Only a fifth stated that the majority of their devices use secure network connections to ensure data reliability and confidentiality.

According to the Institute for Critical Infrastructure Technology IoT applications such as in hospitals are vulnerable to hacking, A possible scenario is the use of ransomware to extort hospitals and other medical institutions, threatening to shut down equipment such as pacemakers and insuline pumps unless a certain amount of money is paid.