Blog

Threats against the clinical cyber environment come in many flavors. These threats range from automated malware and non-technical insiders to highly resourced cybercriminals and nation-state / Advanced Persistent Threat (APT) attackers. But even though the attackers and their motivations vary widely, all clinical threats take advantage of the same attack surface. Here’s what you need to know about the different threats facing the clinical vulnerability landscape.

When a flaw is discovered in an FDA-regulated product that can impact that product's ability to perform effectively and safely, they are required by the FDA to issue a "recall." Recalls are often newsworthy—we hear of recalls for drugs (when they have newly discovered side effects or are mislabeled) and even every day products like cat food (for contamination). Recalls for medical devices are often less newsworthy, but can be incredibly expensive.

One of the most challenging issues around securing medical devices is involved in patching them. While the FDA is on record stating that “security patches do not require FDA approval,” device manufacturers often argue that the FDA validation process limits their ability to patch. Ultimately, both sides are correct. Unfortunately, this leaves hospitals and care delivery organizations holding the bag when it comes to vulnerable devices in their network.

There was no shortage of challenges for healthcare CISOs in 2020. From the sudden surge in remote work and telemedicine to an epidemic of ransomware attacks, security teams have had their work cut out for them. Looking ahead to 2021, the Scope Security team sees some new and emerging security threats that security and technology leaders in healthcare should be aware of.

In September 2020 alone, multiple ransomware attacks at major hospitals globally downed critical systems, locked patient data, and cost at least one life (that we know of). Factor in the strain that the COVID-19 pandemic has put on hospital resources and a lot of healthcare security teams are losing sleep these days, wondering if their hospital or clinic could be targeted next—and if they are prepared to handle it.