Amid evolving cyber threats, cybersecurity researchers are warning medical devices manufacturers and healthcare providers to become more assiduous in protecting medical imaging devices from cyber threats. As medical imaging devices become more connected to hospital networks, they also become vulnerable to sophisticated cyber attacks. Attackers can easily penetrate to the computers that control medical devices and block or disable access to them, something that has already happened worldwide. Medical devices present an easy target for hackers. Any cyber attacks on medical imaging devices reveal the following four outcomes.
• Disruption of scan configuration files can install malware that controls the entire CT operation and puts a patient at high risk.
• Medical imaging devices have several mechanical components which receive instructions from a control unit. A malware attack on these components can damage the equipment and injure the patient.
• Image results disruption can happen because medical imaging devices send scanned results via a host computer. An attack may alter results or mix up connected images.
• The malware encrypts a victim's files and demands a ransom to decrypt them.
For building an active cybersecurity strategy healthcare providers must understand the threats facing them. They must also consider potential sources of attacks. Attacks are carried out by the external parties, but internal actors can even pose more significant threats as they have trusted access to the system. External attacks are motivated typically by financial gain or targeting an individual or an organization.
While internal threats can be more challenging to manage as they can happen out of simple negligence. The typical internal security gaps and concerns include:
• loopholes in process
• unpatched software
• lack of encryption
There are plenty of methods providers, and vendors can take to hold off cyber threats. A foremost thing institutions can do to protect their devices is imaging system acceptance testing, which should be undertaken with the partnership of the vendor to assess all vulnerabilities. A periodical assessment over the life cycle of the equipment can serve great protection. Some other steps a healthcare system should include are
• Replacement of outdated devices
• Encryption of interfaces and data at all points
• Cybersecurity training for all employees
Understanding the threats and implementing these security measures is a balancing act between security and being able to do the job. As the interconnectivity of the medical devices increases due to cloud computing, analytics, data storage and the expansion of enterprise imaging the vulnerability will also increase. A ripe cybersecurity culture with strategic planning can only protect the organizations.