COVID-19 & Outdated Software on 83% of Medical Devices
With plates already over-full, the medical community has more than one concern regarding equipment - medical device security. First they’ve had to deal with a lack of equipment. But the equipment they do have has a different problem – a large percentage of it is behind the times when it comes to current software and security.
Atlas VPN conducted research and found that the majority of US healthcare organizations are using outdated software and operating systems on 83% of their devices. This significantly increases their exposure to cyber threats and risk.
In a recent survey, Palo Alto Networks found that of 1.2 million IoT devices used in US healthcare sites, 56% of them were still running on Windows 7. Support for Windows 7 ended this past January, 2020. That means no more security updates which means no protection for current and ongoing security issues. Twenty-seven more percent of devices are still running on Windows XP or obsolete versions of Linux OS. For imaging systems, 16% of those systems are at 51% risk for getting hacked.
Along with Devices, IT Staff Is Also Behind
Some medical providers acknowledge the problem, with 40% of them going on record saying they plan to make cybersecurity improvements this year. But that leaves even more – 60% - not signing up to take action any time soon. Perhaps triaging patient care and lack of resources during the Coronavirus outbreak is why the healthcare industry isn’t addressing the issue. But it leaves them more susceptible to possible cyberattack than they already were, especially at a time when medical devices are being used more than ever for patient monitoring.
The same Atlas VPN research report says that 1 in 4 of these devices has security shortcomings, keeping the healthcare industry a prime target for cyber criminals. As prepared as the medical community may be for caring for its patients, its equipment needs some TLC as well.
$Millions Lost on Websites Like Amazon, Spotify and Other Scamming Efforts
Outdated medical equipment isn’t the only way hackers and scammers hit their targets. Also per Atlas VPN’s research, more than 35,500 websites scamming on the coronavirus were created in March. All manner of scams were offered, under the guise of selling things like hand sanitizer, masks and testing kits. The increase of these ill-reputed websites hit 1,000 new ones a day, a leap from around 50 sites per day in February. Other entities contributed to the scamming data, coming from sources such as Amazon, New York Times, Shopify, Forbes, The Washington Post, CNBC, Interpol and more.
Amazon.com also took down more than a quarter million coronavirus-related products because of price gouging and removed over a million more for misrepresenting product features. Such as, exaggerating mask capabilities as being able to completely block the virus, or pills that could kill the virus in your body. Shopify reported similar activity on their platforms with websites making false advertising claims and promoting mislabeled items.
Interpol has logged losses up to $100,000, and scams of $2million in cryptocurrency swindled out from under worried buyers, tricked into purchases out of fear. The UK noted over 100 cases with losses exceeding $1.2 million.
Don’t Get Snagged by a Scam
Organizations and individuals can take steps to avoid being a victim of a scam.
All businesses, healthcare and otherwise, must be on high alert, especially during this global health crisis where cyber criminals are using increasingly manipulative exploits. There’s never been a more sensible time for organizations to be more aggressive in their stance to revamp their security strategy.
Steps to Take to Protect from Cyber Threats
- Follow best security practices (current software releases and updates)
- Educate employees about phishing – this may be on of the best preventative measure you can take
- Enable two-factor authentication on network devices and systems
- Follow password management policy that enforces regular updates with strong password requirements
- Ensure your third party vendors follow your security standards
- Implement a reliable back up and recovery system, protected from network access
- Protect applications and memory