Cyber threats pose a growing danger to companies and individuals and the risks are constantly evolving like a moving target but recently, it has been seen that the cyber thieves are targeting more of medical devices to get their hands on sensitive information. According to KPMG’s 2015 survey, over the past two years, 81 percent of health care organizations were the victims of cyberthreats and had their data compromised.
Hackers exploit internet connected devices which have poor cyber threat monitoring, cyber security policies and weak data access controls as well as inadequate device disposal practices.
From the Banner Health data breach in Phoenix to the Excellus BlueCross BlueShied breach in 2015 leaking data back from 2013 to the breach of 11 million subscribers of Premera, experts consider the issue serious enough which is not going away anytime soon.
Some common types of cyber attacks on devices include:
▬ Web application attacks-In this type of attack thieves access information through third-party applications.
▬ Malware infection-In this attack, hackers release malware, including viruses, worms and spyware on devices that can steal information.
▬ Ransomware-In this attack a hacker demands monetary payment to unlock a malware on a device.
Though health care companies are concerned with the issue but they do little to protect their data. It’s high time that device makers and healthcare organizations that use medical devices should increase their cyber security to avoid the sensitive data of being leaked. Earlier this year, the U.S. Food and Drug Administration released new guidelines that encouraged medical device makers to implement practices to improve the cyber security of their products, including sharing cyber threat information with other manufacturers.
Experts have recommended organizations to implement new FDA guidelines by following ‘one policy’ approach which will allow addressing cybersecurity through a single policy across all departments. This will involve building stronger device access controls, conducting assessments on a habitual basis and implementing ongoing software updates.
Other than the above method, organizations can also build cyber security features into new products, enforce stronger device access controls and only authorize access to employees who require it and establishing set procedures for dealing with any vulnerability found in the routine assessment conducted in the organization.
Many organizations take little measures until they become the victims themselves but all these measures are important because one in three Americans are victims of health care data breaches. If this is the condition of the biggest power and the most advanced country in the world, the health care organizations of other countries surely will need to be on their toes against cyber attacks.
