Greg Freiherr, Industry Consultant

Greg Freiherr has reported on developments in radiology since 1983. He runs the consulting service, The Freiherr Group.

Blog | Greg Freiherr, Industry Consultant | Cybersecurity | October 05, 2018

How To Stop (Or Slow) Hackers


Like low-hanging cyber fruit, hospitals are ripe for plucking. And hackers have already started the harvest.

A 12-month analysis of cyberattacks by enterprise security company Proofpoint found that ransomware, which keeps legitimate users from accessing the data on their systems until ransom is paid for their release, is shutting down emergency rooms. The analysis also found that phishing schemes using emails are defrauding patients and providers.

Cybercriminals have done much of the damage. But they are not the only ones to fear. Nation states have attacked other segments of American society. Look no further than the hack by North Korea of Sony Pictures (see “North Korean hackers sanctioned, facing charges for Sony hack, Wannacry ransomware attack,” CNBC) and concerns about potential hacking of the 2018 midterm elections (“Election hacking: security upgrades are too little, too late for 2018 midterms and race is already on for 2020, experts say,” Newsweek) for proof of that. Terrorists pose a special threat, as their sole purpose is to create fear.

So concerned about hacking was Dick Cheney in 2007 that the vice president disabled the wireless feature of his implanted defibrillator. Cheney was worried, according to CBS News, that “a terrorist could assassinate the vice president by sending a signal to the device.” A similarly nightmarish scenario would be terrorist-controlled CT scanners or linear accelerators that deliver excessive doses of radiation.

Ironically, healthcare seems less concerned about hackers and more about achieving the tenets of value-based medicine. Its focus on improving patient experience and reducing cost has pushed cybersecurity down the list of spending priorities when it should be rising.

 

Not What Was Hoped

How can hackers be stopped, or at least slowed down? First, cyberthreats have to be seen for what they are. This means recognizing that the machines most vulnerable to hacking are the most modern ones. The heightened vulnerability comes from their increased use of digital technology, which offers hackers more possible entry points. (An exception is equipment that runs old versions of operating systems. These are vulnerable if security patches are not applied, which commonly happens when OS versions are no longer supported.)

Second, the operators of digital imaging devices must see that connecting to the internet increases vulnerability. This risk already exists and will grow more severe in the near future. A massive expansion of device connectivity will come with 5G, the next generation of wireless technology, which promises speeds beginning at 20 times those of 4G. Imagine 5G towers beaming high-speed internet directly to medical devices, making the internet connections free from routers and conventional Wi-Fi that might be leveraged to provide some protection.

 

Fighting Off Cyberattacks

So how can the imaging industry protect against cyberattacks now and in the future? One way, according to a NEMA/MITA white paper published three years ago, is to adopt best practices.

For manufacturers, that means making user interfaces simple yet secure. One key, according to NEMA/MITA, is to require multifactor authentication, such as a password and a biometric identifier.

Another is to use firewalls that restrict access to radiological devices. By monitoring and controlling network traffic, firewalls can put up barriers between trusted internal networks and untrusted external networks, such as the internet.

A third approach, called the 3-2-1 rule, has been gaining traction lately among cybersecurity professionals. This rule states that every piece of critical data should have three copies, stored on at least two different types of media, with at least one medium away from where the data are primarily stored. Cloud-based storage (see “How Two Providers Use The Cloud To Prepare For Disaster”) is one of these media.

Although the imaging industry is making use of the cloud, just using the cloud is not enough. Sites may use cloud storage as the primary or even sole means of storing data. While affording some protection, this kind of cloud-based strategy undoes the benefits of the 3-2-1 rule.
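The check below is an added example, not part of the original article: it audits a backup inventory against the three clauses of the 3-2-1 rule and reports which clause each dataset fails, including the cloud-only case described above. The `Copy` record, its field names and the inventory entries are constructed for illustration.

```python
from collections import namedtuple

# One stored copy of a dataset. Field names are assumptions for this example.
Copy = namedtuple("Copy", "dataset media location primary")


def audit_321(copies):
    """Return {dataset: [failed 3-2-1 clauses]}; an empty list means compliant."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)

    report = {}
    for name, group in sorted(by_dataset.items()):
        failures = []
        # "3": at least three copies of the data
        if len(group) < 3:
            failures.append("fewer than 3 copies")
        # "2": at least two different types of media
        if len({c.media for c in group}) < 2:
            failures.append("fewer than 2 media types")
        # "1": at least one copy away from where the data are primarily stored
        primary_sites = {c.location for c in group if c.primary}
        if not primary_sites:
            failures.append("no primary copy identified")
        elif all(c.location in primary_sites for c in group):
            failures.append("no copy away from primary site")
        report[name] = failures
    return report


# Constructed inventory (hypothetical dataset and site names).
INVENTORY = [
    Copy("pacs-archive", "disk", "hospital-dc", True),
    Copy("pacs-archive", "tape", "hospital-dc", False),
    Copy("pacs-archive", "cloud", "cloud-region-a", False),
    Copy("ris-db", "cloud", "cloud-region-a", True),   # cloud as the sole store
    Copy("ct-raw", "disk", "hospital-dc", True),
    Copy("ct-raw", "disk", "hospital-dc", False),
    Copy("ct-raw", "disk", "hospital-dc", False),
]

if __name__ == "__main__":
    for dataset, failures in audit_321(INVENTORY).items():
        print(dataset, "OK" if not failures else "; ".join(failures))
```

The cloud-only dataset fails all three clauses, while three disk copies in one data center satisfy the copy count but fail the media and location clauses.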

A fourth possibility for defending against cyberattack is penetration testing. This practice, commonly referred to as “red teaming,” is similar to the child’s game “Capture the Flag.” As used in cybersecurity, the red team attempts to access data, while another team defends against the attack.

The process might be preceded by “tabletop exercises.” In these, a consulting firm may describe the hypothetical scenario of a cyberattack to the leaders of a hospital. Sitting in the relative safety of a conference room, the chief information security officer, others from the C-suite and a few hand-picked IT folks might be asked how they would respond. The intent behind such exercises is simply to expose vulnerabilities and sensitize the client to existing dangers.

At the other end of the spectrum are field exercises in which white hatters, so called because they are “good” hackers, attack a network to probe its defenses. This may reveal actual vulnerabilities that could be exploited by hackers with nefarious intent. But, if a white hatter turns black and takes the opportunity to attack the network rather than probe it, the process can go south quickly. This is why red team members must be carefully vetted, if probing attacks are to be carried out.

 

High Stakes

The healthcare industry must be prepared for hack attacks, cybersecurity experts agree. The very essence of value-based medicine hangs in the balance. How can patients be safe and their needs met, if they and their data are not safe?

Unfortunately, no digital device can be made 100 percent safe from attack. Phishing, in which emails sent to staffers unleash malware, presents a continuing threat. Only training and an ever-vigilant staff can keep phishing attempts from succeeding.

And, unfortunately, digital imaging devices are vulnerable, even when they are not connected to the Internet. All it may take is someone with an ax to grind or a digital vandal (akin to the folks who “tag” train cars and buildings) to slide a malware-ridden USB drive into a computer connected to a medical data network. For this reason, the best defense, according to cybersecurity experts, is a robust data management system, one that can persist even when attacked.

Such a system may have resident software that looks for and shuts down unauthorized access, for example one that uses multifactor authentication to spot intruders. It may involve the use of multiple copies of data on different media, such as the cloud. Or it may depend on the digital equivalent of whistling past the graveyard.

Cybersecurity experts do not recommend the latter.
