Posted by Satoru Kumashiro, May 25, 2021
Addressing the Growing Number of Cybersecurity Vulnerabilities in Healthcare Facilities
Second only to social security numbers, the data available about individuals in healthcare facilities today is extremely profitable information for cyber criminals if they can get their hands on it. Therefore, more medical facilities are now being targeted by a variety of cyberattacks including network hacks and ransomware attacks. But even as cyber threats to medical facilities increase, it is imperative for most medical facilities to connect more devices to their networks with Wi-Fi, which increases the potential attack surface in these facilities as illustrated in Figure 1. This means the following types of security threats at the device level are top of mind for both medical facility IT personnel and medical device manufacturers today:
- Disabling of a device
- General denial of service
- Logging of actions
- Planting malware
Each point of exchange presents an attack surface that is vulnerable to a variety of attacks such as allowing access to sensitive patient data being transmitted or stored, credentials for network access, or other account information
Since many connected devices in medical facilities either contain valuable patient data or are providing patient treatments such as administering medications intravenously or providing correct oxygen levels to COVID patients, if any of these attacks occur, there could be serious consequences. Therefore, whether you are a medical device manufacturer looking for a secure embedded wireless module for your device or a hospital IT manager that needs a safe way to turn traditionally wired devices into secure mobile solutions, cybersecurity needs to be a key consideration when selecting your wireless connectivity supplier.
Cybersecurity is a Moving Target: Don’t Settle on a Static Solution
Hackers and other cyber attackers will never stop looking for ways to breach wireless solutions since the data they are after can be very lucrative. Therefore, just putting a cybersecurity plan into place is not enough to keep your facility protected. You need to know your suppliers and vendors are serious about preventing Wi-Fi vulnerabilities and that they will constantly look to understand new cyber vulnerabilities and regulations impacting the industry.
At Silex Technology, we have had plenty of time as an enterprise wireless solutions provider to develop solid processes that ensure our devices stay up-to-date and are quickly protected against new vulnerabilities. Our four primary tactics for doing this include the following:
- Investigating new vulnerabilities and making fixes as required
- Monitoring ICS Cert advisories and taking quick action as necessary
- Understanding and meeting new regulations
- Evolving product design and testing to address new cyber threats
If your Wi-Fi technology vendor does not have continuous improvement tactics like this in place, your facility may be vulnerable to threats that could result in the release of sensitive patient data or denial of service attacks, both of which could have lasting impacts on your facility and patients alike.
To learn how Silex Technology can help keep your facility safe from cyber threats, download our new white paper, Understanding and Addressing the Unique Cybersecurity Requirements of Medical Facilities.