How to protect equipment from ransomware attacks

October 10, 2017

The devices that reveal the inner workings of the human body can also expose healthcare organizations to lethal attacks by hackers

The devices that reveal the inner workings of the human body can also expose healthcare organizations to lethal attacks by hackers who use medical equipment to infect computer systems with ransomware.

Ransomware-the insidious software that locks up data and enables hackers to demand financial payments to release it-has evolved during the past decade into a sophisticated, multi-billion dollar crime ring. This is evidenced by the WannaCry attack earlier this year that affected 200,000 Microsoft Windows-based machines in more than 150 countries.

According to a report released by the U.S. Department of Homeland Security, the healthcare field remains one of the richest targets for ransomware attacks because of its need for immediate access to patient records.   

But how does a ransomware infection make the leap from medical devices like MRIs into the heart of practice computer systems? 

Entry through back doors

Medical devices are often accessible outside of normal network login requirements because manufacturers maintain separate, backdoor access for maintenance purposes. Cyber thieves manipulate this access point to gain initial entry into a computer network. Then the malicious software can travel swiftly throughout the whole system when records from MRIs, CT machines and ultrasounds are electronically passed shared among medical staff. 

Once they get in, hackers can wreak havoc on medical organizations, as they did to the National Health Service in the UK during the WannaCry attack or at Hollywood Presbyterian Hospital. The latter paid $17,000 in bitcoin to ransomware bandits who froze the hospital’s data for more than a week in 2016. 

While WannaCry victims were running Windows 7, which still has security updates from Microsoft, medical devices are even more vulnerable to ransomware attacks because they operate on older legacy systems such as Windows XP, which Microsoft no longer supports.

 

Consequently, even if a medical facility protects its network, it remains vulnerable if a laptop connected to an MRI is still running on the older software.

The prohibitive cost of medical equipment often prevents hospitals, surgery centers and medical practices from replacing older machines or other devices that operate on outdated software. Or vendors may only provide an upgrade if the facility agrees to spend thousands of dollars on new devices. For example, the latest camera for imaging equipment is required in order to make it compatible with newer versions of Windows-at a cost of $200,000. In fact, concerns about compatibility issues, in general, can prevent some healthcare professionals from updating their equipment.

 

Assess risks, address vulnerabilities

Regardless of the reasons, medical practices leave themselves open to attacks by hackers when they delay upgrades. Like a slow-growing cancer, malware that infects medical devices operating on older software can remain dormant for a long period before erupting into ransomware demands that debilitate the entire network.

To catch cyber culprits in the early stages-or to prevent them from gaining access in the first place-it is essential to perform a security risk assessment (SRA).

But the SRA is not enough on its own. Medical practices must also back up and encrypt their data, conduct vulnerability scans, develop backup/disaster recovery plans and train employees to spot phishing scams that could lead to malware and ransomware attacks.

The rapid proliferation of medical devices demands  active measures to protect patients from harm by hackers. That means practices cannot afford to lag behind in keeping all access doors to health data firmly locked.