Internet-connected Medical Devices under Cyber Criminals’ Radar


The global healthcare sector is increasingly embracing IoT, big data, remote monitoring, and other internet-based technologies to deliver the best patient care. While these technologies present a host of benefits to patients and healthcare organizations, they are becoming increasingly susceptible to online attacks. Cybercriminals have developed their capabilities to the extent that they can shut down hospitals’ computer networks by breaking into medical devices and freezing EHRs, or remotely control patients’ devices, potentially killing them.

For several years, healthcare organizations have fallen prey to cybercriminals who intend to steal sensitive personal information and medical records. In recent years, however, such incidents have spiked. In March 2020, Bitdefender reported a 60% month-on-month increase in hospital cyberattacks.

The growing use of virtual care, telehealth, and other remote healthcare services during the pandemic, together with the increased reliance of medical providers and patients on internet-connected medical devices, has exacerbated the situation, expanded the range of targets and threats, and brought many basic vulnerabilities to the surface.

With so many hacking incidents involving internet-connected medical devices coming to light, cybersecurity has become a top federal priority. Recently, President Joe Biden signed an executive order to make cybersecurity measures more robust.

Universities and large hospitals are setting up elaborate labs to keep their networks safe.

The Medical Device Plug-and-Play Lab at Massachusetts General Hospital, for instance, has been designed to test medical networks to make them immune to cyber hackers.

Hacker conventions are being organized around the country to show the healthcare industry their vulnerabilities and ways to keep their systems safe.

Besides all these measures, healthcare organizations have a big job to do.

They should find a way to track devices that could be vulnerable and figure out ways to prevent attacks before they happen. They should even consider collaborating with outside experts in order to keep devices secure.

For example, Trimedx, a cybersecurity consulting firm based in Indianapolis, has helped Community Health Network strengthen its connected devices’ security.

There are several other simple and effective ways healthcare organizations can protect themselves from cyberattacks, such as investing in software and firmware with good internal security, keeping on top of software updates, ensuring good digital literacy among employees, and, most importantly, adopting a “zero-trust” approach, which involves verifying everything before granting access to the organization’s systems and not trusting anything either inside or outside its perimeter.

It’s unfortunate that cybercriminals are taking advantage of an industry that involves saving lives. But it’s a bitter reality, and it’s vital that the healthcare industry place cybersecurity on a pedestal higher than it has been in the past.