A cyber attack that crippled Washington, DC-area healthcare provider MedStar this week is another reminder of vulnerabilities that hospitals face.
The MedStar attack came a month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system and more than a year after intruders broke into health insurer Anthem’s database containing the medical records of nearly 80 million people.
In Anthem’s case, only a single password stood between hackers and the carrier’s database, according to media reports on the federal lawsuit filed by customers of the breach.
As hospitals continue to adopt Internet-connected medical devices, they take on new entry points for criminals.
Kaspersky Labs, a global leader in cybersecurity, recently released a report called “How I Hacked a Hospital.”
The Kaspersky team accessed a clinic’s local wi-fi system through what it described as a “weak communications protocol.” Then using a search engine for internet-connected devices, it gained access to some medical devices without ever entering a password.
In another study by Independent Security Evaluators, researchers were able to “commandeer computer systems that track medicine delivery and bloodwork requests” from within a hospital lobby.
“Currently, healthcare organizations focus their security efforts almost entirely on protecting patient data, and on pursuing compliance in order to do so,” Ted Harrington, the security researcher who led Independent Security Evaluators’ investigation, told Gizmodo. “These things support but do not wholly address what should be the primary security mission in healthcare: protecting patient lives.”
Much of the vulnerability comes down to budgets, Malwarebytes security researcher Jérôme Segura told Gizmodo. “The combination of older (sometimes archaic) systems with staff members not well-trained against security threats opens the door to ransomware attacks.”
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.