Even as the coronavirus continues its unrelenting spread across the country and hospitals are gearing up for what is expected to be a massive influx of sick patients, they are on their back foot when it comes to cybersecurity.
According to research from Atlas VPN, 83% of healthcare systems are running on outdated software. Atlas based part of its findings on a Palo Alto Networks survey of 1.2 million Internet of Things (IoT) devices used in thousands of healthcare organizations across the US. Palo’s survey found that 56% of devices were still running on the Windows 7 operating system, which Microsoft stopped supporting in January of this year.
“Due to the COVID-19 outbreak, hospitals are using patient monitoring devices more than ever,” said Rachel Welch, Atlas VPN’s COO. “Research shows that one-in-four such devices have security issues. Based on these numbers, Atlas VPN estimates that cybercriminals will be focusing on the healthcare sector in 2020.”
SEE: IT pro’s roadmap to working remotely (free PDF) (TechRepublic)
Today, 16% of imaging systems are at a 51% risk of getting hacked; there is a 26% chance that 14% of patient monitoring tools will get attacked. The research also found that 27% of medical devices are still running Windows XP or decommissioned versions of Linux OS. Atlas also reports that, in 2019, the number of stolen medical records increased by 65%, impacting 40 million Americans.
“Even if you do not upgrade to Windows 10, your device will continue operating normally,” said Atlas. “But, you will no longer receive essential security updates or bug fixes, meaning your device becomes vulnerable to various security threats.”
SEE: Telemedicine, AI, and deep learning are revolutionizing healthcare (free PDF) (TechRepublic)
Given the severity of the coronavirus threat and the active targeting of healthcare organizations by hackers looking to cash in using ransomware, more than 40% of healthcare executives were planning to improve their cybersecurity measures in 2020. But still this leaves many digital medical devices vulnerable today as engineers responsible for maintaining these devices often do not receive proper training or resources to ensure best safety practices are being followed, Atlas said.
“Cybercriminals have been using the situation to their advantage since the beginning of coronavirus spread,” Atlas said. “For instance, by creating fake coronavirus maps, they were able to trick people into downloading malware onto their devices. It was only a matter of time before hackers began to take a step further [by] … exploiting the vulnerabilities lying in the US healthcare system.”