Medical device security: 3 ways to secure medical devices from cyberattacks


What’s the going rate for medical records on the dark web?

$1? No, that’s how much Social Security numbers sell for. How about $110? Sorry, that’s the high end for credit card information.

Full medical records, according to Experian, can fetch as much as $1,000 because they’re an “identity thief’s dream,” offering up everything, including your date and place of birth, current address, email, and Social Security number.

With the health information of more than 32 million people reportedly breached in just the last year alone, steps must be taken to stop more sensitive data from getting into the wrong hands.

Here are three things hospitals and healthcare providers can do to combat this ongoing threat.

1. Segment your network

There’s a lot of divergent technology available in the healthcare industry. Unfortunately, much of it isn’t secure.

For example, medical images stored in the cloud and integrated delivery systems (IDS) hooked into the hospital network often lack any real protection. According to HIPAA Journal, 400 million medical images were freely accessible online and didn’t require authentication to view or download.

Using older devices can also offer cybercriminals easily accessible backdoors into your network. Ideally, you should replace out-of-date devices or update when necessary.

However, if budgetary constraints make this challenging, make sure you’re at least hardening your network through segmentation. By segmenting your network, you ensure that even if someone gains access to one of these devices, they can’t access your overall network.
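One way to check that segmentation actually holds is to compare observed traffic against the flows you intended to allow. The sketch below is an added example, not part of the original article: the segment names, address ranges, allow-list, and flow records are all constructed for illustration, and anything crossing a segment boundary without an allow-list entry is reported.

```python
import ipaddress

# Constructed segments (assumption): names and ranges are illustrative only.
SEGMENTS = {
    "legacy_devices": ipaddress.ip_network("10.20.0.0/24"),
    "imaging": ipaddress.ip_network("10.30.0.0/24"),
    "clinical_ws": ipaddress.ip_network("10.40.0.0/24"),
    "corporate": ipaddress.ip_network("10.50.0.0/24"),
}

# Allow-list of (source segment, destination segment, destination port).
ALLOWED = {
    ("legacy_devices", "imaging", 104),  # DICOM to the image archive
    ("clinical_ws", "imaging", 443),     # viewer access over HTTPS
}

def segment_of(ip):
    """Map an IP address to its segment name, or 'unknown' if unassigned."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def violations(flows):
    """Return flows that cross a segment boundary without an allow-list entry."""
    bad = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d and s != "unknown":
            continue  # traffic inside one known segment is out of scope here
        if (s, d, port) not in ALLOWED:
            bad.append((src, dst, port, s, d))
    return bad

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.30.0.5", 104),    # allowed: device to image archive
    ("10.20.0.15", "10.50.0.9", 445),    # legacy device reaching corporate
    ("10.20.0.15", "10.20.0.16", 80),    # same segment, skipped
    ("10.40.0.7", "10.30.0.5", 443),     # allowed: workstation to archive
    ("10.20.0.22", "203.0.113.10", 53),  # legacy device to an unassigned range
    ("10.40.0.7", "10.20.0.15", 23),     # workstation to legacy device
]

if __name__ == "__main__":
    for src, dst, port, s, d in violations(SAMPLE_FLOWS):
        print(f"VIOLATION {s} -> {d}: {src} -> {dst}:{port}")
```

Run against real flow logs or firewall exports, an empty result means observed traffic matches the intended segmentation; every reported line is either a missing allow-list entry or a path that should be blocked.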

2. Use an ITAM solution

The proliferation of IoT devices is both a blessing and a curse.

Having ID cards, nursing carts, wearables, and more on the network helps doctors treat patients. However, there are thousands of devices scattered throughout a hospital or multiple hospital campuses, and it’s not always easy to keep track of everything. That’s a problem.

Hospitals are public places, and oftentimes security isn’t as tight as it should be. Lost or stolen devices are the most common way health information is compromised, according to the Department of Health and Human Services. Keeping track of all your devices is critical.

Invest in IT asset management (ITAM) or consider using radio-frequency identification (RFID) tags. You can’t protect your devices if you don’t know how many you have or where they are.

3. Employ biometric authentication methods

Along the same lines as segmenting your network, using multi-factor authentication (MFA) is a must. Per Microsoft Director of Identity Security Alex Weinert, companies that utilize MFA are 99.9% less likely to be compromised.

While software-based MFA is the most cost-effective to implement, the FBI points out that cybercriminals are bypassing MFA using a variety of methods. They advise employing biometric methods of authenticating as opposed to software-based MFA solutions, tokens, or one-time codes, as it’s the most effective way of protecting your information.

Securing healthcare devices is a never-ending job

The value of healthcare records on the black market makes hospitals a rich target for cybercriminals. The fact that health providers often have complex networks, are using legacy systems, and have thousands of potentially unidentified devices on the network doesn’t make things any easier.

Segmenting your network, implementing ITAM solutions, and utilizing biometric authentication methods will go a long way toward thwarting bad actors and securing private healthcare information.