All industries are experiencing the ongoing threat of cyberattacks, and healthcare is no exception. The financial impact of a cyberattack can wreak havoc on the bottom line. More importantly, a cyberattack at a healthcare organization can risk patient safety and cost lives.
In a recent report, researchers analyzed more than 200,000 infusion pumps that automatically deliver medications and nutrients to patients and found that 75% contained at least one known security gap. More than half were susceptible to two known vulnerabilities dating as far back as 2019. Vulnerabilities are the flaws in software or hardware that enable attackers to take unauthorized actions or gain malicious access. Unpatched vulnerabilities leave healthcare organizations at an elevated risk of compromise. After all, it only takes one unpatched vulnerability for a data breach or ransomware attack to occur.
The infusion pump findings are a microcosm of a larger security problem with medical devices. Increased access to wide-scale internet scanners allows even novice threat actors to identify unpatched or misconfigured systems. Every time a new medical device connects to a healthcare network, it can increase the risk to patient safety, hospital operations and billing systems. But there are ways you can minimize the risks.
Gain 360-degree visibility
With a multitude of new medical devices, the attack surface has expanded, creating security blind spots for hospitals and medical facilities. Healthcare organizations need a holistic view of internal systems and security tools to properly defend against cyberattacks. With 360-degree visibility, your team can monitor and hunt for malicious activity across IT, cloud and Internet of Things (IoT) assets.
“Having 360-degree visibility ensures that no stone is unturned from a threat detection perspective,” said Lyndon Brown, Chief Strategy Officer at Pondurance. “All of a customer’s systems and infrastructure must be deeply monitored on a 24/7 basis to look for malicious or suspicious activity. This activity must then be investigated and stopped as soon as possible to prevent damage and loss.”
Integrate incident response (IR)
Before your team ever experiences a cyber event, you need an incident response plan in place as a strategy to identify, contain, eradicate, and recover from a cyberattack. A good incident response plan helps you know the vulnerable entry points in the network, recognize where your sensitive data resides, and understand how to quickly respond to a threat. And timeliness is key. Having an IR retainer in place can ensure that an experienced incident response provider is ready to support you at a moment’s notice.
According to IBM Security’s Cost of a Data Breach Report 2021, it takes an average of 287 days to identify and contain a data breach, and the longer it takes to identify and contain the breach, the more costly it is.
“The amount of damage caused by an attack generally correlates with the time it takes to detect said attack,” said Lyndon. “Integrated incident response enables organizations to stop threats before systems can be damaged or patient safety can be impacted.”
Employ vulnerability management
Threat actors will use any means necessary to gain access to your networks, endpoints or servers. Unpatched vulnerabilities are one of the primary sources of access for cyberattackers to steal sensitive data, harm systems and applications, infect malware, and more. In fact, 60% of all breaches are the result of unpatched vulnerabilities. As it relates to medical devices, there is a need to know every medical device on the network, promptly replace outdated devices, and discover any vulnerabilities that require attention.
“A vulnerability on someone’s laptop can potentially impact medical devices connected to the same network — and a flaw in an ill-maintained IoT device can put the business systems at risk,” said Lyndon. “Vulnerability management is about identifying, prioritizing, and patching the most critical ones. Without this, organizations leave large holes open that attackers can exploit.”
Talk with Pondurance
The infusion pumps report reminds the healthcare industry of its many vulnerabilities in the cyber landscape. But there are ways to protect your organization from cyberattackers. Pondurance offers Managed Detection and Response to provide 360-degree visibility across networks, endpoints, logs, and the cloud; integrated Incident Response to stop threats before harm occurs; and a Vulnerability Management Program to reduce the attack surface to protect sensitive data and keep patients safe.