Improve the security of “connected” medical devices and management systems, the main cybersecurity challenge in the health field

• S2 Grupo has indicated that theft of confidential information and the unavailability of the systems are currently the main cyberattacks that the sector is suffering due to the lack of adequate measures of protection.
• The consequences of hacking can range from the loss of records to the access to medical devices that work in a network, such as an insulin pump or a respirator, which could alter the quantity supplied or stop its operation, putting at risk the life of the patients.
• The fundamental objective of these hacking actions is the theft of money (through blackmail) and personal data for identity theft, which is especially delicate in the area of ​​healthcare due to the type of information they handle.

Valencia, November 23, 2016. The application of new information and communication technologies to the healthcare system has meant a revolution for the sector, making possible, among other examples, remote patient monitoring, tele-assistance or improvement of systems of data management. In this context, S2 Grupo, a company specialized in cybersecurity and exploitation of mission critical systems, has pointed out that the main challenge facing the health sector in the field of ICTs is to consider security within the design phases of any medical device. This will reduce their vulnerability and prevent them from being accessible to potential cyberattacks that could jeopardize the functioning of a facility and even the lives of patients. Currently, the most common attacks that are affecting the sector with theft of confidential information of users and the disabling of the systems. "Threats to privacy due to leaks of medical information, threats to IT systems through ransomware attacks, for example, and threats against medical devices such as pacemaker intervention, insulin pumps, etc. are the main risks the health sector faces if proper cyber protection of their systems is not carried out", said José Rosell, associate-director of S2 Grupo. An example of this is the ransomware cyberattack that the Presbyterian Medical Center of Hollywood suffered in Los Angeles in early 2016. This malicious software hijacked the information contained in the hospital's computer system, preventing access to patient medical records or emails, which forced many patients to be transferred to other centers. In addition, for their release they demanded a ransom of almost 3 million euros. "The aim of these cyberattacks is always the same, extortion to obtain money and/or theft of personal data to impersonate identities, something that is very delicate in the health field, since they have highly sensitive and confidential information about the patients", emphasizes Miguel Juan of associate-director of S2 Grupo. In addition, from the S2 Grupo it has been highlighted that, in the IoT (Internet of Things) field, it is essential to take into account the security of the devices and wearables that are used in the medical sector from the design phase to make them less vulnerable and prevent them from being hacked, as the consequences could be serious. Along with this, to carry out an audit of previous cybersecurity and to monitor it during its use, are measures that would allow to guarantee an adequate protection thereof. "An attack on a medical control device that is connected to the network, such as an insulin pump  or a respirator, could remotely allow changing levels or stopping them directly, putting the patient's own life at risk. This makes cybersecurity one of the most important challenges facing the eHealth sector around the world today", said José Rosell. More information: prensa@s2grupo.es