According to a new report from medical technology company Becton, Dickinson, sophisticated cyber threats targeting the healthcare sector are on the rise as more and more connected medical devices enter patients’ homes, increasing the need for strong preventative practices and industry collaboration to thwart attacks.
Ransomware, phishing and software vulnerabilities are among the biggest challenges facing medical technology manufacturers, hospitals, laboratories and pharmacies, as well as patient homes where software-enabled medical devices are used, BD said in its third annual cybersecurity report released Wednesday.
“Medical device cybersecurity has become more critical than ever as the number of smart, connected devices increases and healthcare expands into more care settings, including patient homes,” says the report. To increase awareness and protect patients, device makers, healthcare providers, regulators and researchers must work together to share best practices and threat intelligence, BD added.
The device manufacturer alone blocks 114 million intrusion attempts per month, it says. A key part of the company’s approach to cybersecurity is to disclose vulnerabilities and describe the activities it undertakes to protect against emerging threats, said Rob Suárez, Chief Information Security Officer at BD.
“We are very big proponents of coordinated vulnerability disclosure,” Suárez said in an interview.
Ransomware attacks in which cybercriminals attempt to extort money fell 23% overall in the first half of 2022, but rose 328% in healthcare, according to data from the cybersecurity firm SonicWall.
US government agencies, including the Department of Health and Human Services, the FBI, and the Cybersecurity and Infrastructure Security Agency, issued alerts last year warning of ransomware attacks that aggressively targeted the healthcare industry using increasingly sophisticated techniques.
These strategies ranged from using a ransomware-as-a-service (RaaS) model, to deleting system backups to complicate data recovery efforts, and to encrypting servers that house electronic health records, diagnostic and imaging data.
In an example made public in November, the HHS Health Sector Cybersecurity Coordination Center warned the industry that Venus ransomware operators were targeting remote desktop services to encrypt Windows devices, with at least one American health organization becoming a victim. This alert followed a ransomware attack that hit the CommonSpirit Health hospital system in October, disrupting access to electronic health records and delaying patient care in a number of regions.
Malware attacks are also on the rise, climbing 11% to 2.8 billion incidents in the first half of last year, the first escalation in global malware volume in more than three years, according to SonicWall, a cybersecurity company.
BD’s report outlines the efforts of various cybersecurity task forces and the company to advance secure practices, including ethical hacking drills, scenario training, and preparation for greater threat visibility. software nomenclature.
The PATCH Act introduced in Congress last year would require medical device makers to develop and maintain updates and patches throughout the lifecycle of their devices. Manufacturers should create a plan to quickly address post-market cybersecurity vulnerabilities and create a software bill of materials for each product and its components.
BD has reported a handful of cyber vulnerabilities to the Cybersecurity and Infrastructure Security Agency (CISA) in recent months, including weaknesses in its line of BodyGuard infusion pumps that deliver fluids and medications to patients.
The company’s annual cybersecurity report details how it prepares for cyberattacks and communicates with customers about the risks.
“Talking about vulnerabilities is taboo, but we think it’s doing the right thing,” said Suárez. “We want to convey the message that we are very vigilant about cybersecurity. It’s not a question of if, but when.”