The healthcare sector is facing a range of cyberattacks and malicious activity, according to a report from cybersecurity experts FireEye.
Medical cyber physical systems, or biomedical devices, are becoming an increasing target for hackers, the report suggests. Though the report says the company isn’t aware of any malicious activity against personal medical devices, it highlights there are threats that highlight the vulnerabilities in these systems.
In its conclusion the report says: “Looking forward, as biomedical devices increase in usage, the potential for them to become an attractive target for disruptive or destructive cyberattacks – especially by actors willing to assume greater risk – may present a more contested attack surface than today.”
FireEye also warns that “the existence of networking features and remote access will eventually be used to harm individuals or groups, whether intentionally through a targeted attack or inadvertently through unexpected interactions between device software and activity during access to devices.”
The report warned that some devices have security shortfalls including “smart storage” devices.
Also discovered were multiple healthcare associated databases for sale on underground forums for under $2000, and that Chinese espionage groups are targeting medical research groups, including those focussed on cancer research.
One investigation at a health manufacturing company uncovered, a hacker was believed to be in the organisation’s network for at least 60 days prior to detection, and used or accessed approximately 14 user accounts, and accessed or installed backdoors on more than 450 systems.
Regarding a cybersecurity threat to a UK organisation, Luke McNamara, principle analyst at FireEye, said: “The targeting of a healthcare entity in the U.K. represents an interesting departure of focus for APT32, a Vietnamese cyber espionage group. While it is not entirely clear as to the motivation for this specific incident, APT32 is known to target international entities with a business presence in Vietnam. This example also highlights the challenge organisations in this sector face in dealing not just with known, high-frequency threats, but also less-frequent intrusions by nation state actors—some of whom may not have a long track record of targeting healthcare.”
The report can be read in full, here.