    How can hospitals protect their medical equipment from malware?

    By Adam Winn on June 25, 2015 APT (Advanced Persistent Threats), Malware, Security Awareness, Threat Intelligence

    The challenges in protecting hospitals from cyber attacks are very similar to those faced in ICS and SCADA environments: the equipment used in hospitals is not user-serviceable and is therefore often running out-of-date software or firmware. This creates a dangerous situation where:

    1. The devices have known vulnerabilities that can be easily exploited by bad actors
    2. Administrators are not likely to notice malware running on the device as long as nominal operation is maintained

    The end goal of bad actors infecting a medical device is to use it as an entry and pivot point in the network. Valuable patient records are not likely to be present on the medical devices, but those devices often have some level of network connection to the systems that do contain patient records.

    What exactly is a bad actor likely to do after getting a foot-hold on the network?

    1. Move laterally to find patient records that can be used for:
      1. Identity theft
      2. Blackmail
    2. Steal research data for financial gain
    3. Deploy ransomware like Cryptolocker, effectively crippling the facility unless a ransom is paid
    4. Trigger widespread system malfunctions as an act of terrorism
    5. Carry out a ‘hit’ on a specific patient

    The first three items are strictly motivated by financial gain, and this has been the extent of observed attacks to date. The fourth item seems possible but unlikely, either due to morals or the relatively higher value of attacking other targets like power plants or defense facilities. The fifth item hasn’t been detected yet, but that doesn’t exclude the possibility that it has happened. Carrying out a silent assassination with malware would be very hard to trace back to the attacker, and could even be sold as a service (similar to DDoS as a service).

    The scenario for number 5 sounds like something out of a Tom Clancy novel, but it is completely plausible. The attacker (or entity paying for the attack) would only need to know the target, have knowledge of an upcoming procedure, and know where the procedure was to take place. One caveat is that identifying which device(s) would be used with that patient, and when, could be difficult but not impossible to know.

    Real-World Vulnerability Examples

    Billy Rios, a security researcher, recently went public with a vulnerability that affects drug pumps and could potentially be exploited to administer a fatal dose of medication to a patient. Rios notified the DHS and FDA up to 400 days ago about the vulnerability and saw no response, so he went public to put pressure on the manufacturer to fix the issue. Faced with the reality that some medical equipment manufacturers do not invest in securing their devices from exploitation, the onus of security therefore falls on the users of such equipment.

    This discovery shows a real-world example of how a cyber attack could affect a medical device and potentially endanger lives. There is no question that this type of threat needs to be taken seriously. The real question is, how can hospitals effectively protect devices such as these?

    It’s clear that installing antivirus software on medical equipment is impractical and basically impossible. Furthermore, healthcare IT teams are relatively helpless to patch the software and firmware running on these devices. So considering those vulnerabilities, and the difficulty in remotely scanning these devices, the best solution is simply to prevent malware from ever getting to these devices. Thankfully this challenge has already been solved in ICS and SCADA environments.

    In a recently profiled attack on hospitals, one of the infection vectors was thought to be a technician visiting a compromised website on a PC with direct access to a picture archiving and communication system (PACS). The report details that the malware was detected, but not before infecting the PACS. Due to the nature of the system it could not be scanned for malware, let alone cleaned. It was then used as a pivot point to find a system with medical records that could be exfiltrated back to the attacker.

    Medical facilities share vulnerabilities with SCADA and ICS, so why shouldn’t they also share protection mechanisms? Critical infrastructure providers, especially power plants, often make use of air-gapped networks as a very effective defense mechanism. Taking the above story as an example, the PC with a web browser and internet access should not have also had access to PACS. This simple step would have stopped the infection from doing any damage at all. If, for example, the technician needed to download something from the internet and transfer it to PACS then it would have to be transferred onto the air-gapped network.
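The segmentation rule in the paragraph above (a machine with internet access should not also reach PACS) can be checked against a firewall policy export. The following is an added example, not from the original article; the zone names and allow rules are constructed for illustration.

```python
from collections import deque

# Constructed sample policy (hypothetical zone names): each tuple is an
# allow rule "source zone may open connections to destination zone".
ALLOW_RULES = [
    ("tech-workstations", "internet"),
    ("tech-workstations", "pacs"),      # the dual-access flaw from the story
    ("admin-office", "internet"),
    ("admin-office", "file-transfer"),
    ("file-transfer", "pacs"),          # indirect route via a transfer host
    ("infusion-pumps", "pump-server"),
    ("pump-server", "ehr"),
]

def build_graph(rules):
    """Adjacency map: zone -> set of zones it is allowed to reach."""
    graph = {}
    for src, dst in rules:
        graph.setdefault(src, set()).add(dst)
    return graph

def shortest_path(graph, start, protected, internet="internet"):
    """Breadth-first search for the shortest allow-rule chain to `protected`."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt == protected:
                return path + [nxt]
            if nxt not in seen and nxt != internet:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def audit(rules, protected="pacs", internet="internet"):
    """Map each internet-capable zone to its path into the protected zone."""
    graph = build_graph(rules)
    findings = {}
    for zone in sorted(z for z, dsts in graph.items() if internet in dsts):
        path = shortest_path(graph, zone, protected, internet)
        if path:
            findings[zone] = path
    return findings

if __name__ == "__main__":
    for zone, path in audit(ALLOW_RULES).items():
        kind = "direct access" if len(path) == 2 else "pivot path, review"
        print(f"{zone}: {kind}: {' -> '.join(path)}")
```

A multi-hop finding is not necessarily a violation: it marks the intermediate zone as the control point where transferred data has to be inspected.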

    How Sanitization of the Operating Room Compares to Preventing Cyber Infections

    Hospitals and their staff are very accustomed to preventing the spread of biological infections, and they must now apply similar levels of prevention to the spread of cyber infections. Defending against cyber infections, by comparison, is much easier. The medical industry isn’t alone in fighting this threat. Hospitals don’t have to invent new techniques for preventing infection; they simply need to adapt the proven strategies employed by other industries.

    Simply employing an air gap doesn’t guarantee security. The point of the air gap is to create a point through which data movement is carefully controlled. Additional measures must be employed to ensure that pathogens are not allowed access. In medicine these measures consist of removing foreign material with soap and water, and disinfecting with various antimicrobial agents. It’s not practical to scan doctors and nurses for bacteria, so every surface is assumed to be contaminated until sufficiently cleaned and disinfected. The control point in a data flow is comparatively easier to maintain, as there are techniques for quickly finding infections on media moving through the air gap. For extra protection, any files deemed ‘clean’ can still be disinfected to completely eradicate the possibility of a threat going undetected.

    Adam Winn

    Adam is the senior product manager for the GEARS platform, and also works on a cloud Wi-Fi management system. His primary goal is to ensure OPSWAT products are meeting the manageability and security needs of its current and future customers. He is an avid researcher and enjoys solving technical challenges.
