Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential for physical harm due to compromised medical imaging equipment.
Cybersecurity for medical imaging equipment needs to be improved.
The Rising Threats to Medical Imaging Cybersecurity
The 2020s have seen a sharp rise in cyberthreats, with health care organizations among the most highly targeted organizations. The COVID-19 pandemic is suspected to be one of the greatest influences of this increase in attacks on vulnerable institutions. In 2020, attacks on health care organizations rose 55% compared to 2019.
On the one hand, hackers see the critical position of health care organizations during the COVID-19 pandemic as an opportunity. They know attacks like ransomware can get them a lot of money because medical facilities can’t afford to lose data or get locked out of their networks when patients’ lives are on the line. Ransomware attacks also negatively impact patients – experts estimate that at least 1,763 health care centers were hit in 2020 and 2021.
Telemedicine also plays a key role in the rising threats facing medical imaging cybersecurity. Health care is becoming increasingly digital and connected, with more data being shared and transmitted virtually. This highlights the need for better security.
Medical cybersecurity will only become more popular as next-gen technologies like remote robotic surgeries become more popular. The need for stronger medical imaging cybersecurity is particularly serious, considering that these devices are powerful and valuable, but also handle incredibly detailed information about patients.
Cybersecurity for Medical Imaging: A Device Problem?
Medical Imaging Devices (MIDs) are not known for having especially robust security features. The overarching question is whether their weak cybersecurity is a device problem or a hospital-to-hospital issue. Are the machines themselves flawed, or do hospitals simply need better security? It is a combination of both, and MID developers need to remember the importance of device-level security.
Medical equipment is all too often not thought of as being a “cyber” or “connected” device. As a result, cybersecurity can be an afterthought in developing these machines, relegated to whatever protocols health care centers’ computers have. Unfortunately, many facilities are still using outdated computers, allowing for situations like a 12-year-old malware program infection. Relying on hospitals to protect their machines is not a viable solution. Cybersecurity for medical imaging devices needs to happen at the source.
Of course, some MIDs do have rudimentary built-in cybersecurity features. However, the development time of three to seven years often means that any included security features may be outdated by the time the device is finally shipped out. This is a dangerous issue to have today, leaving a critical weakness for malicious actors to exploit.
Cybersecurity threats did not change as fast 10 or 20 years ago as they do today. Now, MIDs must have the most agile, up to date security features possible to stand up to ever-changing threats. Of course, the same goes for health care centers’ IT infrastructure.
Cyber Weaknesses in MIDs: The Patient Risk
Cybersecurity for medical imaging needs to improve on both a device and health care center level. Some may still wonder, though, why is strong security imperative for MIDs specifically? Patients are at serious risk of personal harm resulting from compromised MIDs in terms of their health and data. The safety of patients demands better device cybersecurity.
On the one hand, MIDs are highly sensitive devices, even before a patient enters the picture. They require carefully controlled thermal management, specialized facilities and precise, expert operation. Even maintenance has to be performed by a trained specialist. An attacker who gains control of one of these devices could very easily damage it even if they don’t harm any patients. This could lead to improper operation or even ruin an expensive imaging device.
There is a legitimate physical risk to patients with certain devices. Examples of attacks with MIDs include disruption of scan configuration files and mechanical motor disruption, both of which pose a serious risk of injuring someone.
Modern MIDs play a crucial role in medicine. People rely on these devices to get a potentially life-saving diagnosis or have a crucial scan for an urgent surgical procedure. Having them locked down by ransomware is a significant problem.
This is a possibility to take seriously, considering that an estimated one in three health care centers worldwide was the victim of a ransomware attack in 2020. Ransomware has become so widely used by criminals, that ransomware-as-a-service has emerged in cybercrime networks, allowing for anyone with minimal technical abilities or experience to use these tools to carry out attacks. Emerging technologies like AI are also expanding the capabilities of cyberattacks, so the threat of a remote takeover of MIDs is no longer far-fetched.
There is also a risk of malicious actors changing the results of a scan, which could seriously threaten patients by giving doctors inaccurate information, especially when delicate parts of the body like the brain or spinal cord are concerned. Engaging in this type of attack can cause chaos and physical harm to people. Even if no data theft or monetary gain is on the line, compromised results from MIDs could leave patients vulnerable.
Luckily, all these cyberattacks are preventable. Health care centers, providers, and medical imaging device developers must collaborate to ensure cybersecurity for medical imaging evolves in the years ahead.
Improving Medical Imaging Cybersecurity Is Critical
Cybersecurity has always been important, but it is more crucial than ever to improve it for medical imaging today. This urgent need for stronger MID security is being driven by alarming increases in cyberattacks specifically targeting the health care industry.
This sector is becoming increasingly digital, and patients rely on modern medical imaging devices. Therefore, health care centers and MID device developers must act now to modernize security. Responding to these threats and evolving medical imaging cybersecurity will help protect patient data and well-being, and potentially save lives.
About the Author: Emily Newton is the Editor-in-Chief of Revolutionized, an online magazine celebrating innovations in industry, science, and technology. She has over 5 years of experience covering these industries.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
