IoT and ransomware are big security risks, and health systems feel unprepared

May Be Interested In:Carabao Cup LIVE updates: Ange Postecoglou’s Spurs face Liverpool for a spot in the final



Healthcare organizations are increasingly under siege from sophisticated cyberattacks, with ransomware groups exploiting vulnerabilities in critical infrastructure.

In 2024, nearly 400 U.S. healthcare organizations reported incidents linked to ransomware operators like LockBit 3.0, ALPHV/BlackCat, and BianLian, according to a recent report from Veriti.

Half of healthcare organizations surveyed said they lack confidence in detecting and resolving such breaches, 42% of organizations lack policies to prevent unauthorized data access, and 51% lack the necessary technologies for breach prevention.

Endpoint misconfigurations emerged as a significant risk, with 35% of systems unable to quarantine malicious files, increasing susceptibility to ransomware encryption.

Misconfigured recovery processes further exacerbated risks, impacting 22% of hosts by allowing attackers to disable volume shadow copies and recovery tools.

Medical devices and protocols like DICOM are also vulnerable, creating opportunities for data theft and unauthorized access.

Oren Koren, co-founder and CPO of Veriti, explained the rise of IoT devices, AI integration, and cloud-based systems adds new dimensions to these challenges.

He said one of the most concerning findings from the report was the fact that vulnerabilities are not and will not be patched.

“This poses an extensive threat to any healthcare organization that uses devices that can’t be updated or upgraded, due to compliance and regulation,” he said. “Unfortunately, we will continue to see healthcare organizations getting hammered by ransomware as a result of that.”

Koren added that in the face of evolving threats, healthcare organizations are currently focusing on two main things – virtual patches, using the compensating control as a countermeasure for risks they can’t address; and disaster recovery plans with massive purchasing of hardware and software for a catastrophic event.

“They will need to evaluate their current systems and adapt to more innovative control measures to avoid future threats,” he said.

Koren predicted IoT threats would continue to evolve in 2025 and cautioned exposed assets—those which must be exposed for maintenance–getting hacked much faster.

“The usage of AI and automatic vulnerability scanning performed by the attackers allows them to find an exposed IoT device and conduct an attack on it much quicker than they used to be able to,” he said.

He added most healthcare organizations’ security controls now rely on advanced AI to analyze threats.

However, due to strict regulations, sensitive healthcare data needs to remain confidential, meaning patient data is excluded from AI analysis

Koren said by 2025, enhanced intelligence sharing will enable rapid responses to emerging threats.

“When a threat is identified in one organization, alerts and necessary countermeasures will be swiftly disseminated to others–emphasizing pre-breach hardening as the central approach,” he explained.

As healthcare organizations struggle to defend themselves from a growing number of threats, they are turning to Zero Trust and micro-segmentation and proactive threat management to shore up security.

A recently introduced healthcare cybersecurity bill would support healthcare organizations with grants aimed at strengthening prevention and response, while the Administration for Strategic Preparedness and Response is seeking feedback through surveys and task group evaluations to assess and strengthen the cybersecurity readiness of public health organizations.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: [email protected]
Twitter: @dropdeaded209



share Share facebook pinterest whatsapp x print

Similar Content

How the six-day hunt for New York shooting suspect unfolded
How the six-day hunt for New York shooting suspect unfolded
Más californianos están muriendo por el frío. Gran parte son personas mayores sin techo - KFF Health News
Más californianos están muriendo por el frío. Gran parte son personas mayores sin techo – KFF Health News
Sydenham: Man shot dead and two injured
MPs back proposals to legalise assisted dying
League tables to reveal failing NHS trusts
League tables to reveal failing NHS trusts
Trudeau letters
Letters to the Editor, Dec. 14, 2024: ‘A fool and our money…’
What’s the worst profession when it comes to choosing a partner?
What’s the worst profession when it comes to choosing a partner?
Worldwatch: Headlines You Can't Miss | © 2024 | Daily News