71% of IoT Medical Device Ransomware Infections Caused By User Practice Issues

Back to QNT News

Indian Health Care News

March 7, 2018

Last month, SamSam, the latest ransomware attack, took down the entire municipality of Farmington, New Mexico, and two hospitals—Hancock Health and Adams Memorial. What’s more, Allscripts appears to have become the first EHR vendor brought down by ransomware, although officials have said the variant is slightly different than the strain impacting those other organizations.

Ransomware and other cyberattacks are unceasing. And one major attack surface that is particularly vulnerable to attacks is the Internet of Things and other medical devices in healthcare.

The most common types of Internet of Things medical devices security alerts originate from user practice issues, such as using embedded browsers on medical workstations to surf the web, conduct online chat or download content, accounting for 41% of all security alerts, according to a new study by ZingBox, an Internet of Things cybersecurity company.

Correlating the findings against notable cyberattacks in 2017, the study points out that 15% of the hospitals included in the study were infected by WannaCry, ransomware or similar attacks exploiting Windows SMB vulnerabilities, according to the “Medical Devices Threat Report” from ZingBox, which detected, identified and analyzed the behavior of medical devices deployed in more than 50 hospitals, clinics and other healthcare locations. Medical devices studied include infusion pumps, patient monitors, imaging systems and medical device gateways.

The top two device types infected by such attacks were imaging systems (65%) and nurse call systems (21%), the study found. User practices issues accounted for 71% of ransomware infections.

The study showed infusion pumps are the most widely deployed connected medical devices but are not the leading cause of device-oriented security alerts. The leading cause is imaging systems, which were the source for 45% of all security alerts, followed by patient monitors at 32%.

“It is interesting to point out that while infusion pumps make up nearly 50% of connected devices in hospitals, they don’t represent the largest cyberattack surface,” said Xu Zou, CEO and co-founder of ZingBox. “Security alerts relating to infusion pumps were only at 2%. However, attention to protecting these devices should still be a priority since a successful attack on a single infusion pump could result in disabling the bulk of all infusion pumps through lateral movement and infection.”

The remaining 21% of the device-oriented security alerts are distributed across other device types.

Additional findings from the study include: 51% of all reported user practice issues came from imaging devices; nearly 80% of the instances of outdated operating systems and software applications identified are from patient monitoring devices; and only 6% of healthcare sites infected by WannaCry were able to successfully apply patches.

“Understanding how vulnerabilities enter our networks is critical to protecting patient data and safety in healthcare settings,” Zou said. “As we continue to gain more knowledge about how attacks enter our systems, we can better arm our staff and networks to prevent these dangerous events.”

Copyright 2018 FFC Information Solution Private Limited. All Rights Reserved.

Copyright © LexisNexis, a division of Reed Elsevier Inc. All rights reserved.  
Terms and Conditions    Privacy Policy

Quality News Today is an ASQ member benefit offering quality related news
from around the world every business day.

ASQ is a global community of people passionate about quality, who use the tools, their ideas and expertise to make our world work better. ASQ: The Global Voice of Quality.