U.S. healthcare industry in critical condition, says cybersecurity task force

In a recent report, the U.S. Department of Health and Human Services has flagged the country’s healthcare industry as highly vulnerable to cyber-attacks and ransomware.

The DHHS’ Health Care Industry Cybersecurity Task Force has revealed that healthcare cybersecurity is in critical condition and requires a complete overhaul.

The task force’s report has revealed damning details on the healthcare industry’s cyber-security standards and how well the industry is prepared to safeguard private information from hackers. “What we consistently encountered was a strategic pitfall in cybersecurity environment. Healthcare cybersecurity is in critical condition,” said Josh Corman, a member of the task force and Atlantic Council Director of the Cyber Statecraft Initiative.

“Given the interconnectivity and diversity within the sector, the interdependency of subsectors on one another, and the disparity between organizations’ ability to address cybersecurity issues, healthcare as a whole will only be as secure as the weakest link,” the task force noted.

The report revealed a lack of designated cyber-security officials in most hospitals, and found that smaller hospitals did not invest in cyber-security because they believed only larger institutions were targeted by hackers. The task force called this a flawed concept, since hackers do not discriminate between hospitals ‘due to the value and sensitivity of healthcare data.’

The task force has recommended that the Health and Human Services Secretary publish standards and guidance consistent with the NIST Cybersecurity Framework, establish a task force to explore options to incentivize risk-based cybersecurity, and make recommendations to Congress about required statutory changes.

At the same time, the task force has called upon the healthcare industry to inventory its clinical environments and document unsupported operating systems, devices, and electronic health record (EHR) systems; replace or upgrade systems with supported alternatives that have superior security controls where possible; develop and document retirement timelines where devices cannot yet be replaced; and leverage segmentation, isolation, hardening, and other compensating risk reduction strategies for the remainder of their use.

Last year, the US Food and Drug Administration issued draft guidance for medical device manufacturers on addressing cyber security risks. The guidance recommended that manufacturers monitor, identify and address cyber security vulnerabilities in medical devices and understand the importance of information sharing via participation in an Information Sharing and Analysis Organization (ISAO).

“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities—some we can proactively protect against, while others require vigilant monitoring and timely remediation,” said Suzanne Schwartz, associate director of the FDA’s Centre for Devices and Radiological Health.

Despite the FDA’s warnings, medical device manufacturers were caught napping by the WannaCry ransomware attacks in May. Following the attacks, several medical devices developed by the likes of Bayer and Siemens were found to be affected.

Copyright Lyonsdown Limited 2021
