The most popular and comprehensive Open Source ECM platform
Let us know more
Healthcare and Security: Third-Party Medical Devices Often Provide Point of Entry
Cyber attacks continue to plague health care organizations. In 2016 there was a 63 percent increase in major attacks against health care providers. Among all HIPAA data breaches, cyber attacks against health care providers now account for nearly a third of all data breaches, according to cybersecurity defense company TrapX.
Carl Wright, general manager of TrapX, said that “Healthcare data presents an attractive target for organized crime. Healthcare records are the new credit card, providing cyber thieves much larger returns on their breach activities.”
Contrary to popular belief, hospital IT infrastructure security is actually often very good. The problem is often with insecure third-party medical devices that access the hospital network.
The TrapX report found that many of hospitals that were victim to attacks had fairly advanced security measures in place. One hospital, for example, had a strong security operations team that had previously participated in penetration testing. Another hospital had in place endpoint security, intrusion detection, a gateway and internal firewalls. The third hospital was using security that was considered consistent with best practices. All of these hospitals failed despite the strong measure that they had put into place.
The TrapX report suggests that hospital staff should carefully review their contracts with medical device suppliers. Moshe Ben Simon, Security co-founder and vice president at TrapX, said that “these contracts should address the detection, remediation and refurbishment of medical devices sold by the supplier that later become infected by malware. Hospitals must have a documented test process to determine if their devices have become infected, and suppliers must have a documented standard process for remediating and rebuilding devices when they’re exploited by cyber attackers.”
