Potential cyber vulnerabilities in hospitals
Security researchers are discovering numerous vulnerabilities, or publicly discoverable systems, in hospitals. A new research report from Trend Micro reveals new cyber threats in hospitals. In addition to publicly discoverable systems, potential attacks on the supply chain are among the most important attack vectors.
Using the search engine Shodan, the researchers were able to find numerous public
discover detectable security vulnerabilities and networked systems. The experts estimate their number at 50,000 to 80,000 vulnerabilities worldwide. In addition to individual devices, these also include networks, databases and servers with medical image material, such as CT, MRT and
X-rays.
"While discoverability by means of Shodan does not in principle yet mean that
these systems are not protected or vulnerable. However, it facilitates
Cybercriminals to find security vulnerabilities to gain access to systems
preserved. Thus, it poses an avoidable and unnecessary risk to
hospitals," explains Udo Schneider, Security Evangelist at Trend Micro,
the research results.
The most common gaps
The researchers estimate distributed denial of service (DDoS) attacks as a
Most likely and most dangerous type of cyberattacks on hospitals
followed by ransomware.
Risks in the supply chain
The report also highlights an attack scenario that has received little attention to date: attacks on the supply chain. Modern hospitals are highly complex systems that require a multitude of service providers and suppliers, and each third-party vendor is a potential vulnerability if it does not take cybersecurity as seriously as the hospital itself.
Without proper network segmentation and thorough third-party security audits, hospital IT managers risk compromising the integrity of their systems and potential compliance violations.
Recommendations for action
The report concludes with a series of recommendations on how hospital IT managers can protect their systems. In addition to technical solutions such as an up-to-date, multi-layered IT security solution, these include awareness and training programs for employees and service providers. Furthermore, the transfer of data in and out of the network should be strictly regulated and a response plan for the case of cyber attacks should be developed.
IT security researchers from Trend Micro, together with the organization
HITRUST (Health Information Trust Alliance) to improve cybersecurity in modern
Hospitals investigated. The investigation report now published
Securing Connected Hospitals shows the attack vectors that can be exploited by the
increasing digitalization and networking in the healthcare sector.
Further information
The full Securing Connected Hospitals research report can be found at.
here in the following links, partly in english language for download:
https://documents.trendmicro.com/assets/rpt/rpt-securing-connected-hospitals.pdf
Trend Micro has developed a security reference architecture for networked devices in the
health care system. You can find information here:
https://www.trendmicro.com/us/iot-security/Solutions?h=All&v=Health_Care
