The health care industry is one of the most attractive sectors to hackers. Not only do hospitals, doctors’ offices and other facilities store and have access to an array of patients’ personal information, but many organizations also have financial details on file to facilitate billing processes.
One of the most damaging attacks on the health care sector took place just last year when the now-infamous WannaCry outbreak impacted organizations across more than 100 countries.
According to Trend Micro’s Securing Connected Hospitals report, this ransomware infected National Health Service systems, preventing facilities from accessing patient records. The attack created scenarios in which infected hospitals were forced to reroute ambulances to other facilities. Doctors even had to cancel appointments and reschedule surgeries, all thanks to WannaCry.
This is by no means the first time the health care industry has been impacted by a far-reaching attack, and it likely won’t be the last.
“As hospitals and other health care facilities adopt new technology, add new devices, and embrace new partnerships, patients get better and more efficient services – but the digital attack surface expands as well,” Trend Micro’s report states. “The more connected they get, the more attractive they become as lucrative targets to threat actors.”
Top cyber security risk areas
As the WannaCry outbreak demonstrated, an infection-based attack can have a significant impact on a health care facility and its patients. The three most at-risk areas in terms of malicious cyber activity in the health care industry include:
Exposed connected devices
The areas of hospital operations and patient data described above are put at risk by a number of different factors. However, as the report shows, one of the most persistent issues is exposed connected devices, which provide an entryway for hackers and malicious actors.
Modern health care facilities include more connected health information systems than ever before, encompassing settings and elements like:
However, when these devices are exposed and accessible through the internet, daily operations and patient care are put at risk. Some of the instances and situations that can cause connected health care devices to be exposed include:
As the Trend Micro research indicates, just because a device is exposed doesn’t necessarily mean it is compromised. An exposed device simply means the endpoint is connected to the internet and, therefore, discoverable and accessible through a public connection.
The threat of Shodan
Another factor to take into account here is Shodan. As a search engine that enables users to discover internet-connected devices, it represents a beneficial solution for organizations to identify unpatched vulnerabilities and exposed assets within their systems.
At the same time, though, Shodan also offers advantages for hackers, who could leverage Shodan to surveil and gather intelligence about a target organization’s connected devices and systems to support malicious activity.
“[This] is why Shodan has been called the World’s Most Dangerous Search Engine,” Trend Micro’s study notes.
Problem with exposed ports
Although the inherent connectivity of today’s advanced applications and devices is critical to their functionality, it is this connectedness that also puts them at risk.
A notable issue identified by Trend Micro is the problem of exposed ports. Researchers identified a number of different exposed and viewable ports within the current health care industry, including these identified ports that could create the greatest risks:
Other exposed areas to monitor
As Trend Micro’s research shows, exposed ports and hackers’ ability to exploit certain protocols aren’t the only issues to be aware of – items like exposed databases and industrial controllers can pose a threat to health care operations as well.
“Databases are also treasure troves of critical/sensitive/important data, which makes them lucrative targets for hackers,” Trend Micro’s report states. “Compromising exposed building automation controls can allow a hacker to ‘turn off the lights’ inside the hospital. Doomsday scenarios like these are unfortunately not unrealistic, and extreme care should be taken to ensure building automation controllers are never exposed on the public internet.”
Safeguarding health care devices
As Trend Micro’s research clearly demonstrates, any exposed endpoint – from diagnostic and surgical equipment to electronic health record systems and exploitable protocols – can provide the window malicious actors need to interrupt operations and prevent quality patient care.
For these reasons, hospital administrators and IT stakeholders must ensure that sensitive equipment and devices have the proper protection in place, and that the necessary network connectivity doesn’t result in these devices being exposed via public connections.
To find out more about connected devices in the health care industry, read Trend Micro’s article and full report.