The mere fact of the COVID pandemic’s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head – cyberattacks, particularly those based on ransomware, have become more common as the disease spread, targeting medical IoT devices and healthcare networks.
According to Forrester Research analyst Chris Sherman, two U.S. hospitals have already been attacked via virtual care systems, after a hacker targeted a vulnerability in a medical IoT device (specifically, a remote patient-monitoring sensor) and gained access to the hospitals’ patient databases. And in another type of attack, the Fresenius Group, a medical device maker and the largest private hospital operator in Europe, has been hit by ransomware.
“To me, it’s clear attackers are increasing their focus on medical devices,” Sherman said. “The attackers are directing their efforts really to any system that’s exposed to the internet, which is a concern given how flat most healthcare networks are.”
The precise extent to which threats have risen due to the pandemic is unclear, but most experts agree that there seems to be a correlation. Sherman said that some reports place the figure as high as three to five times the number of attacks that would ordinarily be expected, but argued that those figures might be a slight exaggeration.
Healthcare providers are particularly ripe targets for ransomware attacks for several reasons. Medical IoT devices are, all too often, poorly secured against intrusion, according to NTT Canada’s cybersecurity practice lead, Stew Wolfe.