At a time when more connected medical devices are making their way into patients’ homes, increasing the need for stronger precautions and industry cooperation to stop attacks, according to a new report from medical technology firm Becton. Advanced cyber threats targeting the healthcare sector are on the rise. Dickinson.
Ransomware, phishing, and software vulnerabilities are among the top challenges facing medical technology manufacturers, hospitals, laboratories, pharmacies, and patient homes with software-enabled medical devices. , said BD in its third annual cybersecurity report released Wednesday.
“Medical device cybersecurity is more important than ever as the number of smart, connected devices grows and healthcare expands into more care settings, including the patient’s home,” the report said. said. To raise awareness and protect patients, device manufacturers, healthcare providers, regulators and researchers need to work together to share their best practices and threat intelligence, she added BD. rice field.
Only device makers block 114 million intrusion attempts are made per month.Key Part of the company’s approach to cybersecurity is its routine practice of disclosing vulnerabilities and outlining the actions it takes to protect against emerging threats. Rob Suárez, BD Chief Information Security Officer, said:
“We are very big proponents of coordinated vulnerability disclosure.” Suarez said in an interview.
Data from cybersecurity firm SonicWall shows that ransomware attacks, in which cybercriminals seek to extort money, fell 23% overall in the first half of 2022, but increased 328% in healthcare.
U.S. government agencies, including the Department of Health and Human Services, the FBI, the Cybersecurity and Infrastructure Security Agency, last year issued warnings about ransomware attacks aggressively targeting the healthcare sector using increasingly sophisticated technology.
These strategies ranged from adopting a ransomware-as-a-service (RaaS) model, deleting system backups to complicate data recovery efforts, to encrypting servers storing electronic medical records, diagnostic and imaging data.
In one example, published in November, the HHS Health Sector Cybersecurity Coordination Center reported that Venus ransomware operators targeted Remote Desktop Services to encrypt Windows devices, resulting in the loss of at least one US healthcare institution. warned the industry that The alert follows a ransomware attack that hit hospital system CommonSpirit Health in October. Delayed electronic medical records and patient care in many areas.
Malware attacks are also on the rise, with incidents up 11% to 2.8 billion in the first half of last year, according to SonicWall.cyber security company.
BD’s report describes efforts by various cybersecurity working groups and companies to promote secure practices, including ethical hacking exercises, scenario training, and preparations to increase visibility into software bills of materials. increase.
The PATCH Act, introduced by Congress last year, requires medical device manufacturers to develop and maintain updates and patches throughout the lifecycle of their devices. Manufacturers should develop plans for timely addressing post-market cybersecurity vulnerabilities and create software bills of materials for each product and its components.
BD has reported several cyber vulnerabilities to the Cybersecurity and Infrastructure Security Agency (CISA) in recent months, including vulnerabilities in BodyGuard infusion pumps that deliver fluids and medications to patients.
The company’s annual cybersecurity report details how to prepare for cyberattacks and communicate risks with customers.
“Talking about vulnerabilities is a taboo subject, but we think it’s the right thing to do.” Suarez said. “circleI want to send the message that we take cyber security very seriously. It doesn’t matter when. ”
