Healthcare records: A treasure trove for cybercriminals

Patient records continue to be one of the most lucrative forms of data for cybercriminals, worth up to 46 times more on the illegal market than stolen credit card information. The reason? Medical records supply all the information criminals need to carry out identity fraud in one place—even create fake passports. Stolen medical records can also equip bad actors with blackmail material to damage personal relationships, affect hiring decisions, or falsely secure health insurance. In 2020 alone, its estimated that 24.1 million patient records were exposed to unauthorized parties because of healthcare cyberattacks—an increase of 55 percent from the previous year.

Medical data breaches can devastate a healthcare organization’s reputation, bottom line and, most importantly, impact patient trust, safety, and outcomes. Securing healthcare data is more than an IT or business decision, it’s critical to optimal patient outcomes.

The increasing threat landscape for medical devices

Selling medical data to the highest bidder is only the beginning. Cyberattackers also target healthcare IoMT (Internet of Medical Things) or connected devices—which can come with life-or-death consequences. A wide and growing array of connected medical devices—CT and MRI scanners, automatic IV pumps, insulin pumps, patient monitoring devices, smart beds, robotic surgery devices, ventilators pacemakers, automatic glucose monitoring devices, and more— are vulnerable.

Medical advancements over the last decade mean devices once protected from data breaches because they were not connected to a network are now targets for cyberthieves. The average hospital room contains an estimated 15 to 20 connected medical devices, and these devices can account for up to 74 percent of the assets on a hospital’s network. The estimated sodt to resolve an IoMT cyberattack  is $346,205. While the financial impact is damaging, still worse are the reputation costs from lost patient safety and loyalty.

But access to the network goes beyond stealing your data; hackers can now alter it. Researchers from Ben-Gurion University uncovered a way to tamper with MRI/CT images between the point of capture and storage. For example, an attacker can use deep learning to add or remove evidence of medical conditions from volumetric (3D) scans. This could create a life-or-death situation if evidence of cancerous tumors, for instance, could be added or removed from a patient’s scan.

Securing IoMT devices: Why is it so hard?

  • Teams such as clinical engineering, bio-medical engineering, and/or medical technology management often manage these devices as opposed to traditional IT management and security personnel. These teams may not understand the impact of security vulnerabilities on connected medical devices.
  • Medical device manufacturers focus primarily on providing function, not security. This means many devices don’t allow changes to default passwords, don’t provide log data, and can’t encrypt information. This is slowly changing with the creation of regulatory oversight such as those imposed by the Food and Drug Administration in the U.S.
  • Some devices use outdated operating systems with known vulnerabilities and are susceptible to Ransomware.
  • Many IoMT devices rely on the manufacturer or extreme manual effort to implement patches (assuming patches are available).
  • Refresh cycles for medical devices are longer than for IT equipment, which is normally refreshed every three years. These devices connected to the internet or corporate networks may also be old and lack specific features for security.


One of the best ways to prevent attacks is network segmentation

Healthcare cybercrime is on the rise. The best way to stay ahead of the thieves is to have visibility into your healthcare threat landscape both on the IT and IoMT connected medical device networks. One major shield to attacks is segmentation. This involves placing parts of the network into different zones or subnetworks, each of which can have customized security policies based on the devices and their users. Experts recommend segmenting hospital  IoMT networks from IT networks altogether.    

Leading the way in securing healthcare data and IoMT devices

For a wholistic approach to securing medical devices, healthcare organizations can now tap into Cisco’s Security Segmentation Strategy Service for Medical Devices. This purpose-built service helps healthcare companies develop a full campus network or IoMT security strategy. Once the network security strategy is in place, we help implement full healthcare network segmentation architectures as well as technologies to identify the security posture of a medical device before it connects to your hospital network. Plus, Cisco will create tailored automation and orchestration workflows to securely isolate a problematic or potentially vulnerable medical device.

If a more targeted approach is needed to detect potential vulnerabilities and avoid disruption in your medical device network, Cisco will passively scan your network and inventory compatible connected devices, their current vulnerabilities, manufacturer names, and operating system versions. Once vulnerabilities are known, Cisco works with your manufacturers to determine if a patch needs to be applied. In some cases, we even work closely with medical device manufacturers to test for security vulnerabilities directly in their labs. Customers are able to tap into these offerings and more as part of Cisco’s rich portfolio of security solutions for healthcare networks.

With the proliferation of IoMT connected medical device networks, the opportunity to experience cyberattacks is more probable than ever. Now is the time for healthcare systems to take a hard look at the security and privacy of their networks to ensure they’re safeguarding their most important asset—the health and safety of their patients.

Discover more during HIMSS 2021

To learn more how Cisco solutions and services can help secure your medical device network and power an inclusive future for all through technology, tune into our HIMSS 2021 thought-leadership session onsite or watch on-demand.

Attending HIMSS 2021 in person? Visit Cisco in the Digital Park, booth 3929.

Have a specific question for our team, or want to connect on your digital strategy? Engage with a Cisco expert by booking a 1:1 meeting through the MyHIMSS Planner tool.


Emma Scudder

Director of Business Development

CX Healthcare - Technology and Transformation Group (TTG)