CSO Online reporting how malicious actors have resorted to targeting medical devices to bypass hospital security as a means of entering the protected enclave and then potentially compromising sensitive data:
In March of this year, the Identity Theft Resource Center (ITRC) tagged healthcare as the source of 33-percent of all listed incidents nationwide, noting that nearly 100 million healthcare records were compromised in the U.S. alone in Q1 2015.
And yet, within a given healthcare environment, most devices can’t leverage traditional security solutions.
A hospital, for example, can’t install their local security suites or various offerings on these devices, as they’re managed by the manufacturer or contracted party. Because of this, TrapX says in their report, problem resolution was delayed in at least one case due to the fact that the hospital’s IT staff couldn’t access the equipment.
“It could take weeks to handle these security incidents because of both scheduling and access to the manufacturer’s resources. Once the malware was removed, we found the medical devices could be re-infected fairly quickly,” the report explains.
Attackers will always use crafty, inventive techniques to get inside a network. How well protected is your network from these unique vectors?