Greg Freiherr, Industry Consultant
Greg Freiherr, Industry Consultant

Greg Freiherr has reported on developments in radiology since 1983. He runs the consulting service, The Freiherr Group.

Blog | Greg Freiherr, Industry Consultant | Cybersecurity | October 05, 2018

How To Stop (Or Slow) Hackers

cybersecurity

Like low-hanging cyber fruit, hospitals are ripe for plucking. And hackers have already started the harvest.

A 12-month analysis of cyberattacks by enterprise security company Proofpoint found that ransomware, which keeps legitimate users from accessing the data on their systems until ransom is paid for their release, is shutting down emergency rooms. The analysis also found that phishing schemes using emails are defrauding patients and providers.

Cybercriminals have done much of the damage. But they are not the only ones to fear. Nation states have attacked other segments of American society. Look no further than the hack by North Korea of Sony Pictures (see “North Korean hackers sanctioned, facing charges for Sony hack, Wannacry ransomware attack,” CNBC) and concerns about potential hacking of the 2018 midterm elections (“Election hacking: security upgrades are too little, too late for 2018 midterms and race is already on for 2020, experts say,” Newsweek) for proof of that. Terrorists pose a special threat, as their sole purpose is to create fear.

So concerned about hacking was Dick Cheney in 2007 that the vice president disabled the wireless feature of his implanted defibrillator. Cheney was worried, according to CBS News, that “a terrorist could assassinate the vice president by sending a signal to the device.” A similarly nightmarish scenario would be terrorist-controlled CT scanners or linear accelerators that deliver excessive doses of radiation.

Ironically, healthcare seems less concerned about hackers and more about achieving the tenets of value-based medicine. Its focus on improving patient experience and reducing cost has pushed cybersecurity down the list of spending priorities when it should be rising.

 

Not What Was Hoped

How can hackers be stopped — or at least slowed down? First, cyberthreats have to be seen for what they are. This means recognizing that the machines most vulnerable to hacking are the most modern ones. The heightened vulnerability comes from their increased use of digital technology, which offers hackers more possible entry points. (An exception is equipment that runs old versions of operating systems. These are vulnerable, if security patches are not applied, a circumstance that commonly happens when OS versions are no longer supported.)

Second, the operators of digital imaging devices must see that connecting to the internet increases vulnerability. This risk already exists and will grow more severe in the near future. A massive expansion of device connectivity will come with 5G, the next generation of wireless technology, which promises speeds beginning at 20 times those of 4G. Imagine 5G towers beaming high-speed internet directly to medical devices, making the internet connections free from routers and conventional Wi-Fi that might be leveraged to provide some protection.

 

Fighting Off Cyberattacks

So how can the imaging industry protect against cyberattacks now and in the future? One way, according to a NEMA/MITA white paper published three years ago, is to adopt best practices.

For manufacturers that means making user interfaces simple yet secure. One key, according to NEMA/MITA, is to require multifactorial authentication, such as a password and a biometric identifier.

Another is to use firewalls that restrict access to radiological devices. By monitoring and controlling network traffic, firewalls can put up barriers between trusted internal networks and untrusted external networks, such as the internet.

A third approach, called the 3-2-1 rule, has been gaining traction lately among cybersecurity professionals. This rule states that every piece of critical data should have three copies; stored on at least two different types of media; with at least one medium away from where the data are primarily stored. Cloud-based storage (see “How Two Providers Use The Cloud To Prepare For Disaster”) is one of these media.

Although the imaging industry is making use of the cloud, just using the cloud is not enough. Sites may use cloud storage as the primary or even sole means of storing data. While affording some protection, this kind of cloud-based strategy undoes the benefits of the 3-2-1 rule.

A fourth possibility for defending against cyberattack is penetration testing. This practice, commonly referred to as “red teaming,” is similar to the child’s game “Capture the Flag.” As used in cybersecurity, the red team attempts to access data, while another defends against the attack.

The process might be preceded by “tabletop exercises.” In these a consulting firm may describe the hypothetical scenario of a cyberattack to the leaders of a hospital. Sitting in the relative safety of a conference room, the chief information security officer, others from the C-suite and a few hand-picked IT folks might be asked how they would respond. The intent behind such exercises is simply to expose vulnerabilities and sensitize the client to existing dangers.

At the other end of the spectrum are field exercises in which white hatters, so called because they are “good” hackers, attack a network to probe its defenses. This may reveal actual vulnerabilities that could be exploited by hackers with nefarious intent. But, if a white hatter turns black and takes the opportunity to attack the network rather than probe it, the process can go south quickly. This is why red team members must be carefully vetted, if probing attacks are to be carried out.

 

High Stakes

The healthcare industry must be prepared for hack attacks, cybersecurity experts agree. The very essence of value-based medicine hangs in the balance. How can patients be safe and their needs met, if they and their data are not safe?

Unfortunately, no digital device can be made 100 percent safe from attack. Phishing, in which emails sent to staffers unleash malware, presents a continuing threat. Only training and an ever-vigilant staff can keep phishing attempts from succeeding.

And, unfortunately, digital imaging devices are vulnerable, even when they are not connected to the Internet. All it may take is someone with an ax to grind or a digital vandal (akin to the folks who “tag” train cars and buildings) to slide a malware-ridden USB drive into a computer connected to a medical data network. For this reason, the best defense, according to cybersecurity experts, is a robust data management system, one that can persist even when attacked.

Such a system may have resident software that looks for and shuts down unauthorized access, one that uses multifactorial authentication to spot intruders, for example. It may involve the use of multiple copies of data on different media, such as the cloud. Or it may depend on the digital equivalent of whistling past the graveyard.

Cybersecurity experts do not recommend the latter.

Related Content

Several drivers will contribute to the growth of the teleradiology market in terms of penetration, revenue and read volumes over the next five years

Getty Images

Feature | Teleradiology | July 08, 2020 | By Arun Gill
Last year was a record year for the global...
Sponsored Content | Videos | PACS | June 29, 2020
Kevin Borden, Vice President of Product, Healthcare IT for Konica Minolta, talks about Improving Access and Aiding Wo
Universal digital operating system for surgery enables health tech companies and start-ups to accelerate, scale and grow

Stefan Vilsmeier, President and CEO of Brainlab Photo courtesy of Brainlab

News | Artificial Intelligence | June 26, 2020
June 26, 2020 — ...
n support of Mayo Clinic’s digital health and practice transformation initiatives, the Mayo Clinic Department of Laboratory Medicine and Pathology has initiated an enterprise-wide digital pathology implementation of the Sectra digital slide review and image storage and management system to enable digital pathology. 
News | Enterprise Imaging | June 26, 2020
June 26, 2020 —  In support of Mayo Clinic’s digital health
Visage announces cloud implementation, Visage 7 Workflow and semantic annotations
News | Enterprise Imaging | June 26, 2020
June 26, 2020 — Visage Imaging, Inc.
The American College of Radiology (ACR) Center for Research and Innovation (CRI) is pleased to announce the development of the COVID-19 Imaging Research Registry (CIRR), an effort by the ACR CRI and the ACR Data Science Institute in collaboration with the ACR and the Society of Thoracic Radiology (STR). Sharyn Katz, M.D., director of research for thoracic radiology at the University of Pennsylvania, chairs the effort’s multiple-disciplinary steering committee, which includes representation from across the i

Getty Images

News | Coronavirus (COVID-19) | June 25, 2020
June 25, 2020 — The American College of Radiology (ACR) Center for R