Report: Ransomware Attacks on IoT Medical Devices Will Likely Increase | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Ransomware Attacks on IoT Medical Devices Will Likely Increase

November 29, 2016
by Heather Landi
| Reprints
The Intel Security report also predicts that the volume and effectiveness of ransomware attacks will go down in the second half of 2017

Cyber attackers are increasingly breaching Internet-enabled medical devices using ransomware and this is likely to continue for the next two to four years, according to Intel Security’s recent McAfee Labs 2017 Threats Predictions Report.

According to the threat predictions report, in which Intel Security interviewed 31 security thought leaders, while it is not currently known why attackers are breaching medical devices that collect patient data, the attacks are happening and medical data is being exfiltrated.

“More ominously, medical devices that monitor and control human systems—including pacemakers, insulin pumps, and nerve stimulators—are all becoming Internet enabled. Unethical attackers will see these medical devices as the next step in their journey beyond hospital ransomware attacks. Hospitals are successful ransomware targets partly because they need immediate access to information. A pacemaker is an ultimate example of the need for immediate access, so attackers will attempt to find vulnerabilities in these devices as they become Internet enabled and will be able to extort a great deal of money if they are successful,” the report authors wrote.

The prediction about attacks on Internet-enabled medical devices is just one of 21 predictions in the report regarding Internet of Things (IoT) security threats, legal actions and vendor responses in the next four years.

According to the Intel Security report, IoT threats and breaches will prompt political and regulatory responses. “The speed of technology advancement will hinder effective legislation, and vice versa. Differing and even contradictory regulations among countries will make things more difficult for consumers, device manufacturers, and service providers,” the report authors wrote.

Intel Security’s researchers also note that it is possible that hackers understand the consequences of attacking hospitals and other critical infrastructure and pose the question of whether there is “honor among thieves.”

“After a recent ransomware attack on a California hospital, some members of the hacker community belittled the attackers as the “dumbest hackers ever, like they couldn’t hack anything else,” and “if someone were to die or be injured because of this it is just plain wrong.” As unlikely as it sounds, hackers usually have some degree of compassion. As financially appealing as some IoT attacks appear, the potential to cause injury or death will make some of them think carefully about their actions and limit the number and severity of attacks,” the report authors wrote.

Broadly, the Intel Security threat predictions report outlined 14 threat trends to watch in 2017. Intel Security researchers predict that ransomware will remain a significant threat and will peak in the middle of next year. “Ransomware-as-a-service, custom ransomware for sale in dark markets, and creative derivatives from open-source ransomware code will keep the security industry busy through the first half of the year,” the report authors wrote.

However, on a slightly positive note, the researchers predict that ransomware’s impact across all sectors and geographies will force the security industry to take decisive actions and the volume and effectiveness of ransomware attacks will subside in the second half of 2017. “We predict that initiatives like the No More Ransom! collaboration, the development and release of anti-ransomware technologies, and continued law enforcement actions will reduce the volume and effectiveness of ransomware attacks by the end of 2017,” the report authors wrote.

The 13 other industry-spanning threat predictions from Intel Security include”

  • Vulnerability exploits on Windows cools down as other platforms heat up
  • Hardware and firmware threats an increasing target for sophisticated attackers
  • “Dronejacking” places threats in the sky – researchers cite an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a business and attempt to hack into the local wireless network
  • Mobile threats to include ransomware, RATs, compromised app markets
  • IoT malware opens a backdoor into the home
  • Machine learning accelerates social engineering attacks
  • The explosion in fake ads and purchased “likes” erodes trust
  • Escalation of ad wars boosts malware delivery
  • Hacktivists expose privacy issues
  • Law enforcement takedown operations put a dent in cybercrime
  • Threat intelligence sharing makes great strides. “The Cybersecurity Information Sharing Act provides legal foundations for sharing threat intelligence between the US government and the private sector, and between private sector organizations with liability protection extending to the sharing entities. With this liability protection now afforded them, American corporations are evaluating their sharing polices. We should see much more threat intelligence sharing in 2017,” the report authors wrote.
  • Cyber espionage: industry and law enforcement join forces
  • Physical and cyber security industries join forces

 

Regarding security challenges, the Intel Security report authors concluded, “Increasing our threat defense effectiveness throughout the security industry will be key to staying ahead of the adversaries. It is critical that multiple industry participants work together to solve big-picture problems that cannot be addressed by simple patches or software updates. We need to share information more broadly among industry leaders to not only give us greater volume and detail in telemetry, but also aid in deception techniques. By increasing our use of predictive analytics, improving security visibility with both organizational assets and decentralized data, and reducing our use of dedicated agents, we can increase our effectiveness in the threat defense lifecycle.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.

Dignity Health, UCSF Health Partner to Improve the Digital Patient Experience

Dignity Health and UCSF Health are collaborating to develop a digital engagement platform that officials believe will provide information and access to patients when and where they need it as they navigate primary and preventive care, as well as more acute or specialty care.

Report: Digital Health VC Funding Surges to Record $4.9 Billion in 2018

Global venture capital funding for digital health companies in the first half of 2018 was 22 percent higher year-over-year (YoY) with a record $4.9 billion raised in 383 deals compared to the $4 billion in 359 deals in the same time period last year, according to Mercom Capital Group’s latest report.

ONC Roundup: Senior Leadership Changes Spark Questions

The Office of the National Coordinator for Health IT (ONC) has continued to experience changes within its upper leadership, leading some folks to again ponder what the health IT agency’s role will be moving forward.

Media Report: Walmart Hires Former Humana Executive to Run Health Unit

Reigniting speculation that Walmart and insurer Humana are exploring ways to forge a closer partnership, Walmart Inc. has hired a Humana veteran to run its health care business, according to a report from Bloomberg.

Value-Based Care Shift Has Halted, Study Finds

A new study of 451 physicians and health plan executives suggests that progress toward value-based care has stalled. In fact, it may have even taken a step backward over the past year, the research revealed.