According to a joint report published by Health-ISAC, Finite State, and Securin, healthcare facilities faced a nearly 60% increase in cyber attacks over the last year.
Their research found over 1,000 vulnerabilities, with 993 of them in various medical products and devices since 2022. And, 160 of these vulnerabilities are currently being weaponized, while 101 are undetected in the wild.
The vulnerabilities range in severity, however, the worst of them would allow hackers access to the network of various medical facilities and inflict further malware, steal data, or even encrypt their data and extort them.
“Our research unveils a disturbing year-over-year increase in firmware vulnerabilities within connected medical products and devices, underscoring an urgent need for robust software supply chain security,” states the Director of Product Security Research and Analysis at Finite State.
Unfortunately, healthcare continues to be a prime target for hackers, with various means of inflicting devastating results on facilities. This puts residents who may be on life support or need access to the hospital’s facilities at risk of having their products remotely hacked. Last year alone, there was a 437% year-over-year increase in RCE/PE exploits
This year we’ve seen multiple large-scale data breaches affect millions of patients across the world, including the global MOVEit file transfer software hack, and the hack on Regal medical group, which put the information of over 3 million patients at risk.
“Healthcare organizations must prioritize cybersecurity measures, employ robust cybersecurity practices, conduct regular risk assessments, and stay updated on the latest security threats and technologies to proactively protect against cyber threats,” explains Phil Englert, Health-ISAC’s VP of Medical Device Security.
“Health-ISAC focuses on enhancing cyber resilience within the global healthcare sector by facilitating collaboration, sharing threat intelligence, developing and sharing best practices and providing resources and support to its members to build resilience within member organizations and the healthcare community as a whole.”