Your healthcare facility is under attack. This time the threat isn’t to your network or even your internal systems. This time the attack is focused on Medical Devices and the threat to patient care and your reputation could be life-threatening. Will Medjacking become the next wave in healthcare ransom demands?
Medjacking is the hacking of medical devices with the intent to harm or even kill the patient. At least that was the old intent and definition. How long will it be before we see this become the new form of ransomware? Only time will tell.
In the past, the fear was that these types of hacks would be used to target specific and high profile individuals. In this current environment attacks on healthcare facilities and specific hospitals are up and the demands for ransom are as well. I fully believe that targeting of devices and holding your patients for ransom may well be next in line.
It is a dark thought, but I do believe this is where things are progressing. So, what are you doing to stop these and other cyber threats at your facility?
Here Are Some Tips:
- Establish a Cybersecurity task force and attach it to your Board of Directors if you have not already done so.
- Question and work with your medical device vendors about flaws, security concerns and what to do if a device is breached.
- Set up an in-house lab where medical devices will be tested and scrutinized internally.
- Establish protocols to prevent unnecessary placement of devices onto the network, WiFi, or other unneeded communications.
- Establish protocols to keep medical devices from communicating needlessly with other devices.
- Turn off all needless wireless communications with implanted or other devices.
The above list is not meant to be exhaustive or to be the only steps put into place, but just a starting point. Have your internal cyber security task force look for and establish additional security flaws and protocols as needed.