Weak AI security Exposes IoT Medical Devices to Risk of Cyberattacks
|
By HospiMedica International staff writers Posted on 18 May 2019 |
|
Image: With cyberattacks a major challenge for companies, stronger AI solutions can help to prevent them (Photo courtesy of e3zine).
The proliferation of healthcare internet-of-things (IoT) devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems has exposed a vulnerable attack surface that can be exploited by cybercriminals determined to steal personally identifiable information (PII) and protected health information (PHI), in addition to disrupting healthcare delivery processes. These findings published by Vectra AI Inc. (San Jose, CA, USA) in its Vectra 2019 Spotlight Report on Healthcare underscore the importance of utilizing machine learning and artificial intelligence (AI) for detecting hidden threat behaviors in enterprise IT networks before cybercriminals have a chance to spy, spread and steal.
The report by Vectra AI, which applies AI to detect and respond to cyberattacks in real time, is based on observations and data from the 2019 RSA Conference Edition of the Attacker Behavior Industry Report that reveals behaviors and trends in networks from a sample of 354 opt-in enterprise organizations in healthcare and eight other industries. According to the report, gaps in policies and procedures can result in errors by healthcare staff members such as improper handling and storage of patient files, which is a soft spot for cybercriminals targeting global organizations and industries and looking for weaknesses to exploit.
The report found that hidden HTTPS tunnels were the most prevalent method used by attackers to hide command-and-control communications in healthcare networks. This traffic represents external communication involving multiple sessions over long periods of time that appear to be normal encrypted web traffic. Attackers mostly used hidden domain name system (DNS) tunnels to hide data exfiltration behaviors in healthcare networks. Behaviors consistent with exfiltration can also be caused by IT and security tools that use DNS communication.
There has also been a spike in behaviors consistent with attackers performing internal reconnaissance in the form of internal darknet scans and Microsoft Server Message Block (SMB) account scans. Internal darknet scans occur when internal host devices search for internal IP addresses that do not exist on the network. SMB account scans occur when a host device rapidly makes use of multiple accounts via the SMB protocol that is typically used for file sharing.
Several healthcare organizations have witnessed ransomware attacks in recent years, although the report found that ransomware threats were not as prevalent in the second half of 2018. Nevertheless, it still remains important to catch ransomware attacks early before files are encrypted and clinical operations are disrupted.
“Healthcare organizations struggle with managing legacy systems and medical devices that traditionally have weak security controls, yet both provide critical access to patient health information,” said Chris Morales, head of security analytics at Vectra. “Improving visibility into network behavior enables healthcare organizations to manage risk of legacy systems and new technology they embrace."
Related Links:
Vectra AI
The report by Vectra AI, which applies AI to detect and respond to cyberattacks in real time, is based on observations and data from the 2019 RSA Conference Edition of the Attacker Behavior Industry Report that reveals behaviors and trends in networks from a sample of 354 opt-in enterprise organizations in healthcare and eight other industries. According to the report, gaps in policies and procedures can result in errors by healthcare staff members such as improper handling and storage of patient files, which is a soft spot for cybercriminals targeting global organizations and industries and looking for weaknesses to exploit.
The report found that hidden HTTPS tunnels were the most prevalent method used by attackers to hide command-and-control communications in healthcare networks. This traffic represents external communication involving multiple sessions over long periods of time that appear to be normal encrypted web traffic. Attackers mostly used hidden domain name system (DNS) tunnels to hide data exfiltration behaviors in healthcare networks. Behaviors consistent with exfiltration can also be caused by IT and security tools that use DNS communication.
There has also been a spike in behaviors consistent with attackers performing internal reconnaissance in the form of internal darknet scans and Microsoft Server Message Block (SMB) account scans. Internal darknet scans occur when internal host devices search for internal IP addresses that do not exist on the network. SMB account scans occur when a host device rapidly makes use of multiple accounts via the SMB protocol that is typically used for file sharing.
Several healthcare organizations have witnessed ransomware attacks in recent years, although the report found that ransomware threats were not as prevalent in the second half of 2018. Nevertheless, it still remains important to catch ransomware attacks early before files are encrypted and clinical operations are disrupted.
“Healthcare organizations struggle with managing legacy systems and medical devices that traditionally have weak security controls, yet both provide critical access to patient health information,” said Chris Morales, head of security analytics at Vectra. “Improving visibility into network behavior enables healthcare organizations to manage risk of legacy systems and new technology they embrace."
Related Links:
Vectra AI
Gold Member
SARS‑CoV‑2/Flu A/Flu B/RSV Sample-To-Answer Test
SARS‑CoV‑2/Flu A/Flu B/RSV Cartridge (CE-IVD)
Mammo DR Retrofit Solution
DR Retrofit Mammography
Absorbable Monofilament Mesh
Phasix Mesh
Latest Business News
- Philips and Masimo Partner to Advance Patient Monitoring Measurement Technologies
- B. Braun Acquires Digital Microsurgery Company True Digital Surgery
- CMEF 2025 to Promote Holistic and High-Quality Development of Medical and Health Industry
- Bayer and Broad Institute Extend Research Collaboration to Develop New Cardiovascular Therapies
- Medtronic Partners with Corsano to Expand Acute Care & Monitoring Portfolio in Europe
- Expanded Collaboration to Transform OR Technology Through AI and Automation
- Becton Dickinson to Spin Out Biosciences and Diagnostic Solutions Business
- Boston Scientific Acquires Medical Device Company SoniVie
- 2026 World Hospital Congress to be Held in Seoul
- Teleflex to Acquire BIOTRONIK’s Vascular Intervention Business
- Philips and Mass General Brigham Collaborate on Improving Patient Care with Live AI-Powered Insights
- Arab Health 2025 Celebrates Landmark 50th Edition
- Boston Scientific Acquires Medical Device Company Intera Oncology
- MEDICA 2024 to Highlight Hot Topics of MedTech Industry
- Start-Ups To Once Again Play Starring Role at MEDICA 2024
- Boston Scientific to Acquire AFib Ablation Company Cortex
Channels
Critical Care
view channel
Light-Based Technology to Measure Brain Blood Flow Could Diagnose Stroke and TBI
Monitoring blood flow in the brain is crucial for diagnosing and treating neurological conditions such as stroke, traumatic brain injury (TBI), and vascular dementia. However, current imaging methods like... Read more
AI Heart Attack Risk Assessment Tool Outperforms Existing Methods
For decades, doctors have relied on standardized scoring systems to assess patients with the most common type of heart attack—non-ST-elevation acute coronary syndrome (NSTE-ACS). The GRACE score, used... Read more
Surgical Techniques
view channel
Robotic Assistant Delivers Ultra-Precision Injections with Rapid Setup Times
Age-related macular degeneration (AMD) is a leading cause of blindness worldwide, affecting nearly 200 million people, a figure expected to rise to 280 million by 2040. Current treatment involves doctors... Read more
Minimally Invasive Endoscopic Surgery Improves Severe Stroke Outcomes
Intracerebral hemorrhage, a type of stroke caused by bleeding deep within the brain, remains one of the most challenging neurological emergencies to treat. Accounting for about 15% of all strokes, it carries... Read more
Patient Care
view channel
Revolutionary Automatic IV-Line Flushing Device to Enhance Infusion Care
More than 80% of in-hospital patients receive intravenous (IV) therapy. Every dose of IV medicine delivered in a small volume (<250 mL) infusion bag should be followed by subsequent flushing to ensure... Read more
VR Training Tool Combats Contamination of Portable Medical Equipment
Healthcare-associated infections (HAIs) impact one in every 31 patients, cause nearly 100,000 deaths each year, and cost USD 28.4 billion in direct medical expenses. Notably, up to 75% of these infections... Read more
Portable Biosensor Platform to Reduce Hospital-Acquired Infections
Approximately 4 million patients in the European Union acquire healthcare-associated infections (HAIs) or nosocomial infections each year, with around 37,000 deaths directly resulting from these infections,... Read more
First-Of-Its-Kind Portable Germicidal Light Technology Disinfects High-Touch Clinical Surfaces in Seconds
Reducing healthcare-acquired infections (HAIs) remains a pressing issue within global healthcare systems. In the United States alone, 1.7 million patients contract HAIs annually, leading to approximately... Read moreHealth IT
view channel
