What the Colonial Pipeline cyber attack means for healthcare
The cyber attack on Colonial Pipeline, the largest fuel pipeline in the US, has had grave ramifications not only for the energy sector but for many other industries, demonstrating just how important it is to protect national infrastructure.
In the healthcare sector this is more critical than ever. In 2020, healthcare-related cyber attacks rose by 55%. As digitalisation increases and healthcare becomes more connected, the sector is also becoming more at risk of cyber crime. Cyber attacks on IoT devices surged by 300% in 2019 alone, accounting for more than 2.9 billion events.
A recent survey by software security company Irdeto of senior executives at Fortune 1000-sized US companies within various Internet of Medical Things (IoMT) fields revealed that ransomware attacks on hospital networks and medical devices are skyrocketing. Their research shows that 80% of survey participants report having suffered at least one cyber attack in the past five years, and that they face dozens of additional threats on a daily basis.
The most common attacks were ransomware, malware, phishing, spoofing and DDoS, with customer databases, employee information and even R&D platforms being exploited.
Despite this, 88% of medtech executives said they are not prepared for a cyber attack and only 18% believe the security built into their medical device products is strong.
"Connected medical devices are increasingly the target of cyber attacks, and the attack on the Colonial Pipeline underscores how critical it is to prepare the IoMT industry for cyber attacks," Steeve Huin, CMO at Irdeto, says.
"The hack is another proof point that vulnerabilities will be exploited and the healthcare industry needs to employ adequate security measures and have a plan in place for not if, but when an attack occurs," he adds.
"Medical records are a precious resource on the dark web today, raking in upwards of $250-$1,000 apiece, as they enable bad actors to take over identities, commit health insurance fraud, and more. Patients expect that their data will be well protected, and this will become a determining factor to their choices for selecting a care provider, medical device, virtual care solution, and other healthcare options going forward."
For healthcare organisations to protect themselves, Huin recommends taking the following steps:
- Employ basic network security for existing medical infrastructure
- Procure connected medical devices that employ best-in-class security, and keep them up to date against new threats
- Put a plan in place with someone responsible to trigger actions and coordinate an immediate response should an issue arise