Blog

Healthcare Cybersecurity Matters Now More Than Ever

Providers entering data into hospital computer

We just published Volume 25 of the HIMSS Healthcare and Cross-Sector Cybersecurity Report. The report outlines new methods of Bluetooth attacks, digital theft and many vulnerabilities.

Report Highlights

1. Bluetooth Attacks
This report highlights a new technique for attacking the Bluetooth pairing protocol without being detected by victim devices. If an attack is successful, the encryption key of a victim device may be revealed.

2. Phishing Attacks
Volumes of phishing emails are growing and the efficacy and impact of phishing emails are growing as well. Frequently, phishing attacks appear to come from a trusted source, such as an executive within one’s own organization. Spear-phishing emails, which are targeted phishing emails, are often quite effective. Significant breaches may occur as a result of a successful spear-phishing email attack.

3. Copy-and-Paste Malware
New malware has been discovered which monitors the Windows clipboard for cryptocurrency addresses. The malware has been found to replace the cryptocurrency addresses with alternate ones (selected by the attacker).

Watch Lee Kim talk about healthcare security now and in the future on HIMSS TV.

4. Bug Bounty Programs
A manufacturer has set up a bug bounty program for printers in what is called an “industry first.”

5. Remote Code Execution Vulnerabilities
Remote code execution vulnerabilities are especially problematic, as attackers may be able to execute commands and instructions of their choice. These vulnerabilities may be found in all sorts of computer programs, including open source software.

6. Shipping Infrastructure at Risk
While this is not healthcare, this is another critical infrastructure sector that is very vulnerable. Researchers have found that “always on” satellite connections have exposed shipping to hacking attacks. In addition, poor security hygiene on board the ship and vulnerabilities associated with protocols used and systems provided by maritime product vendors also appear to be problematic.

In summary, healthcare cybersecurity never stands still. The threat landscape is always changing and so must we. We must be agile and nimble and constantly strive to learn.

Join the Cybersecurity Conversation

Privacy & Security Resource Library
Access cybersecurity resources and toolkits. Learn more

Cybersecurity Survey
Get insights into what you can do to protect your information and assets. View the report

Code Red Podcast
Hear from people on the front lines of cybersecurity in healthcare. Listen now

HIMSS Healthcare Cybersecurity Community
Learn and collaborate with experts and peers in the industry. Join the community