With all the many versions of New Normal we’ve seen this year, it’s even more important to stay aware and vigilant. October is the month many countries around the world collaborate to raise awareness for cyber security. The initiative is embraced by government and industry as an opportunity to educate all people about the importance of staying safe online -- and it’s one that we all need to support.
The U.S. Department of Homeland Security (partnered with the National Cyber Security Alliance) launches a new theme this year that we are extending to healthcare delivery organizations. The 2020 message of Do Your Part. #BeCyberSmart emphasizes how everyone can participate in ways to keep us all safe -- whether on social media, at home, at work, at school or in the community. The CyberMDX mission is to enable healthcare delivery organizations worldwide to provide quality care by securing and protecting the systems and devices they rely on every day to treat illnesses and save lives. Because our mission focuses on protecting hospital networks from cyber-attacks, we also want to emphasize that in a digital world, medical devices, healthcare records, and all Internet of Things that support people care must be secure. Similarly, everyone who is close to any of those touch points must be accountable and we want to help educate them on how.
The advent of the Internet of Things brought life-changing efficiencies to the healthcare industry – which is projected to reach a market size of $10 trillion by 2022. The technology created new ways to scale to serve a growing world population which often struggles to serve patients in remote areas that lack medical services. It also opened a window to conquer the challenge of quality service delivery amid rapidly rising costs. Of course, with those efficiencies, arose another very significant obstacle - cybersecurity risk.
The reason -- security of medical devices is a serious concern for patients’ well-being and pervasiveness of device vulnerabilities are too easy a target for bad actors. The vast majority of medical devices (estimated around 80%) run on outdated systems. Most hospital networks lack visibility and control of these, and all the other devices connected to their network. This gap limits their ability to identify critical events, pinpoint the source of the problem, and effectively respond. In the New Normal, most recently with the Covid-19 pandemic, these risks were exacerbated as resources faced unprecedented challenges.
In support of this worldwide effort, we are sharing a series of videos focused on “How Hospital Hacks Happen”. Each video will showcase a different attack vector and actor, how the hack takes place, and what could have been done to prevent it. A look into the vulnerabilities from phishing, to a watering hole, to Wi-Fi network manipulation will be featured.
Also as part of this effort, we want to add our ongoing commitment to contributing and sharing our own findings which leverage the knowledge base of the CyberMDX Research team. We work closely and frequently with regulatory bodies including CISA, MITRE and the FDA as well as with numerous medical device manufacturers and HDOs. The efforts here are specifically directed to creating awareness and education of medical device and other IOT vulnerabilities and how to better protect your organization from the threat.
Beginning today, this blog, as well as the first in the series of videos are live. We’ll also follow this with a new video each week through the month of October. We sincerely care about the people we help to keep safe and hope the illustrations and recommendations featured in these videos will help raise awareness for us all to do our part. #BeCyberSmart. #BeIOMTsecure.
- How Hospital Hacks Happen (Video 1): The Unmanaged IOT
- How Hospital Hacks Happen (Video 2): The Watering Hole
- How Hospital Hacks Happen (Video 3): Internal Access Points
For More Information: If you want to learn more about the specific challenges that were created when medical devices and networks were connected to the Internet, below are several sources for your reference.