Cybersecurity deals with all aspects of security in information and communication technology. As medical products become increasingly networked, cybersecurity has also become an important topic for medical product manufacturers and operators.
Nowadays almost all devices are networked with each other, and each patient's personal data is stored in a clinic. There are also many devices which store data and then send it to the clinics. A very good example of such a device is a pacemaker. Modern cardiac pacemakers save the pulse data and adapt to the load situation. The pulse data can be read out, and these devices can also be programmed externally. There are also systems from different manufacturers in which the device connects from home via the internet, Wi-Fi or Bluetooth and sends the data to the clinic, so that the patient does not need to go to hospital for the examination.
IT security is also one of the most neglected aspects of modern medical devices. For this reason, modern technology also carries many risks. Communication between the patient and the doctor is often done via a smartphone. Patients' private personal data is sent back and forth without encryption. Software problems can also endanger the life of the patient. In other fields of IT, a lot of focus is given to IT security, but in medicine there is a lack of focus on it. Recent research revealed that in the USA, updates for 500,000 pacemakers were provided over the internet without authentication. Because of the high risk, automatic updates over Wi-Fi have in the past been stopped for people appointed to important positions.
Another example of such a modern device is the insulin pump. A small box is glued to the belt which measures the blood sugar and automatically injects small amounts of insulin either permanently or by pressing the head. It also prevents strong fluctuations in the values.
You can also control and program this device using a mobile phone app. Modern insulin pumps also have many risks. There is weak or no encryption of the remote-control signals. Some devices just have a default setting, i.e., you only have to enter the four-digit code and then you are connected to the device. Usually, this default code is either 0000 or 1234, and this is very easy to crack. If someone cracks the code, they can simply increase the dose of insulin or do something else dangerous that puts the patient in mortal danger.
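A device-side pairing check that addresses the default-code weakness described above, as an added example (not code from this article or from any manufacturer). The class name, the six-digit minimum and the five-attempt lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed deny-list; 0000 and 1234 are the defaults named in the article.
WEAK_CODES = {"0000", "1234", "000000", "123456", "654321"}
MAX_FAILURES = 5  # assumed policy: lock remote pairing after 5 wrong codes


class PairingGate:
    """Hypothetical device-side pairing check, not any vendor's firmware."""

    def __init__(self):
        self._salt = os.urandom(16)
        self._digest = None  # no factory default: pairing refused until set
        self._failures = 0

    def _hash(self, code: str) -> bytes:
        # Store only a salted, slow hash of the code, never the code itself.
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 50_000)

    def set_code(self, code: str) -> bool:
        """Owner chooses the code at first use; weak choices are rejected."""
        if not (code.isascii() and code.isdigit()) or len(code) < 6:
            return False
        if code in WEAK_CODES or len(set(code)) == 1:
            return False
        self._digest = self._hash(code)
        self._failures = 0
        return True

    def locked(self) -> bool:
        return self._failures >= MAX_FAILURES

    def pair(self, code: str) -> str:
        if self._digest is None:
            return "refused: no owner code set"
        if self.locked():
            # Only remote pairing is blocked; therapy delivery is unaffected.
            return "refused: locked, physical reset required"
        # Constant-time comparison avoids a timing side channel.
        if hmac.compare_digest(self._hash(code), self._digest):
            self._failures = 0
            return "paired"
        self._failures += 1
        return "refused: wrong code"
```

With the lockout in place, remote guessing is capped at five attempts against an owner-chosen code, rather than unlimited tries against a shipped default.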
Why do cybercriminals target the healthcare sector?
There are three main reasons why the healthcare sector is one of the favourite targets for cybercriminals. The first is financial gain. For cybercriminals, health records and private information are highly valuable. Mostly, the servers of hospitals are hacked and the patients' data is stolen. The stolen data is then sold on the dark web, or the hackers encrypt the data and demand money in the form of Bitcoins. Hospitals end up in a helpless situation because they cannot use the data unless it is decrypted, and this can only be done if they pay the hackers for the key.
The second reason is that the sector is an easy target due to its high vulnerability. The health industry is lacking when it comes to digital literacy among personnel. Mostly, no standards or well-described regulations are followed in the health sector. On top of that, outdated software makes it easy for cybercriminals to target the health sector.
Another reason is that the health sector also provides an entry point to a larger attack. If cybercriminals attack a large hospital, they can easily shut down many operations in that hospital, or in all hospitals countrywide. This can cause an emergency situation in the country without going into a physical war.
What steps can be taken to improve cybersecurity in the healthcare sector?
The health sector should apply a zero-trust policy. No information should be accepted or delivered before verifying the credentials. Personnel should be trained to handle such situations and to minimize the effects in case of an attack.
Technology and robotics are playing a significant role in the medical field. So far, not enough attention has been given to IT security in the medical field. For this reason, a large number of modern medical devices are very easy to hack. It is the need of the hour that companies become more conscious of IT security risks before any major mishap happens.