“I think providers will continue to increase their efforts, especially in the wake of the number of successful cyberattacks we have seen over the last year,” he said. “I don't, however, foresee healthcare matching the security of other industries in the near future. This is because of the logistical and economical difficulty of transitioning active systems to newer and more secure network topologies and technologies.”

The threat of malware is a rising concern within the healthcare community, posing the threat of misdiagnoses in deliberate attempts to commit insurance fraud, ransomware, cyberterrorism, and even murder. Specialist insurance and reinsurance market Lloyd recently released a report through its Cyber Risk Management (cyRiM) project, which found that the onset of an international malware attack in the form of ransomware risks deals an $89 billion blow to the U.S. economy.


To combat these attacks, the Israeli team recommends installing encryptions between hosts in a hospital’s radiology network, enabling digital signatures so that scanners produce a secure mark of authenticity on each scan for verification, and adopting digital watermarking to add hidden signals to indicate the loss of integrity when tampering occurs, among other tactics.

Mirsky, however, says the adoption of these and other useful cybersecurity measures is slow and expects it to remain so.

“For medical staff, it is likely that they are more focused on saving lives than being HIPAA compliant,” he said. “Moreover, although the HIPAA legislation was put in place to keep patients' medical information safe, it does not translate into enhancing the security of the network and its devices. As a result, determined attackers will ultimately be able access the data. I also think hospitals are more focused on attacks from outside, such as the Internet, than from within. As a result, the internal network security, which is assumed to be inaccessible to outsiders, is lagging far behind, allowing any successful breach that can lead to serious consequences.”

Echoing this sentiment is Xu Zou, the CEO and co-founder of IoT security and analytics provider Zingbox, who describes the study as a "wake up call" for providers to implement more than just partial solutions such as precautions and best practices.

"Healthcare providers must have security solutions in-place designed, to detect sophisticated attacks as well as overcome the security limitations of medical devices, many of which cannot support on-device security measures," he said. "With the malware in this study refined via machine learning, security solutions leveraging the same technology can be used to identify the interception of data as well as the presence of a malicious device or software. Understanding the normal intended behavior of a medical device, including which devices it communicates with, is a critical component of securing connected medical devices. Doing this manually simply does not scale, requiring the need for artificial intelligence, machine learning, and automated 24/7 continuous monitoring."

Back to HCB News

CT Homepage