There were more than 700,000 hacking attacks in any given minute against healthcare organizations in the fourth quarter of 2016, according to a study of 450 providers around the world by the threat intelligence arm of cybersecurity vendor Fortinet.
"By far, the most interesting trend we have seen is Internet of Things-based attacks," said Derek Manky, global security strategist and head of the FortiGuard Labs global threat research team at Fortinet. "These are attacks not going after traditional Windows-based PCs or Internet Explorer but rather the No. 1 attacks specifically in healthcare have been against an operating system called VxWorks. We saw about two million attempts to hack into this system in Q4 2016. This runs on medical devices and infusion pumps and personal monitors, these sorts of things, and that's really concerning."
Fortinet will be discussing the results of this study, among other things, next week at the 2017 HIMSS Conference and Exhibition.
"I was at our customer advisory board last year in Q4 with CIO and CISO leaders, and traditionally, network administrators and cybersecurity leaders have been all about protecting corporate infrastructure and medical records," Manky said. "That is very important still. But now they are also faced with securing the Internet of Things. Physicians want these types of networks to remain operable. Do whatever it takes to keep these networks up because these networks are connected to humans."
Manky advises HIMSS attendees with cybersecurity on their minds keep one important concept on their minds: visibility.
"Too often the enemies of security are invisible, they are not seen and there is a false sense of security," he said. "Just because you do not see anything doesn't mean your network is fine. I would say start with visibility, looking into things like SIEM for configuration on devices. And we have a free program for cyberthreat assessment on networks. The mistake is traditionally people try to build up security against an invisible enemy. First you have to find out what is happening in your vertical and then build the proper security solutions against that."