Security News

The average number of weekly attacks in the healthcare sector reached 626 per organization in November as opposed to 430 the previous month, with attack vectors ranging from ransomware, botnets, remote code execution, and distributed denial-of-service attacks. Ransomware attacks against hospitals also marked their biggest jump, with Ryuk and Sodinokibi emerging as the primary ransomware variants employed by various criminal groups.

The cybersecurity challenges of securing PACS. Medical imaging is a critical component in providing patient care and PACS is where these images and accompanying clinical information are stored and delivered from when needed. PACS is part of a highly complex healthcare delivery organization environment that includes back-office systems, electronic health record systems, pharmacy and laboratory systems, an array of electronic medical devices, and often cloud storage for medical images.

Today, more than half of healthcare respondents have increased their public cloud and hybrid cloud use, and 46% have invested more in private cloud environments in an effort to quickly provide new work-from-home employees with access to IT resources. Healthcare hybrid cloud deployments: Key findings The future of healthcare is dependent on decommissioning of legacy architecture: Currently, more healthcare companies run exclusively traditional, non-cloud-enabled datacenters than any other industry, compared to 18% globally.

Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security and a leader with the I Am The Cavalry grassroots initiative, said that hospitals are facing widespread security threats from ransomware to data IP theft. In 2016, I led the authoring of a document called the Hippocratic Oath for Connected Medical Devices, which essentially was a translation of the ages-old Hippocratic Oath into a modern era, now that increasingly healthcare delivery is being undertaken by medical devices by electronic healthcare records and other systems that support the physicians.

More than 100 medical devices made by GE Healthcare are affected by a potentially serious vulnerability that could allow an attacker to access or modify protected health information, medical cybersecurity company CyberMDX reported on Tuesday. The vulnerability, which is tracked as CVE-2020-25179 with a critical severity rating, has been found to impact CT scan, molecular imaging, PET, X-Ray, ultrasound and mammography devices, as well as workstations and imaging devices used in surgery.

A vulnerability in GE Healthcare's proprietary management software used for medical imaging devices could put patients' health privacy at risk. GE's closed source management software runs on top of the Unix-based operating system installed on medical imaging systems to enable remote maintenance and update procedures.

Complimenting our focus is a Threatpost eBook Healthcare Security Woes Balloon in a Covid-Era World that neatly packages our complete in-depth report on the topic. Threatpost's eBook examines these inherent security challenges, as well as how COVID-19 has drastically reshaped the healthcare space over the past year when it comes to security risk.

The pandemic's unprecedented impact on healthcare lay bare the gaping holes in the healthcare industry's cybersecurity defenses. Woods, who has worked for the past 10 years with small hospitals, healthcare focused nonprofits and government entities, added, "If technology goes offline, doctors and nurse practitioners can no longer give the quality of care that they were able to, or to as many people. Right now, with COVID-19, there's a dramatic rise in the attack surface and the number and types of systems that are being used," he said.

2021 is likely to see more of the same with a variety of threats and vulnerabilities affecting the healthcare industry. In a report released on Wednesday, security firm Kaspersky offers six predictions that will impact healthcare providers next year.

There are, of course, other factors that play a role in the attackers' preference for healthcare-related targets: the talent shortage for cybersecurity experts with healthcare expertise, the fact that most healthcare employees still don't make cybersecurity a priority, the fact that many of the devices and technologies they use run on antiquated operating systems - to name just a few. There might come a time when cybersecurity becomes a part of medical curriculums - in the meantime healthcare organizations can significantly lower the number of successful attacks with the proper defenses and training, DiMaggio notes.