0

Far from the cliché of the cyber-criminal, hidden behind a screen miles from the intended victim, some attackers get up close and personal to their target. Their technique: to attack hospital equipment directly, whether computer or medical equipment, and exploit its vulnerabilities. This is called a physical cyberattack.

THE FRAGILE TARGETS OF PHYSICAL ATTACKS

HOSPITAL EQUIPMENT:

PHYSICAL VECTOR

Physical cyberattacks include attacks that specifically target the hardware aspect of medical, IT or operational equipment.

DEFINITION

These cyberattacks all share a physical dimension, with the cyber-criminal gaining physical access to the equipment in question and connecting to it to disrupt its operation.

ACCESSIBILITY

In hospitals, physical cyberattacks target not only medical equipment (medical imaging equipment, anesthesia machines, breathing apparatus, insulin pumps, etc.) but also more traditional computer equipment for hospital staff (computers, laptops, etc.).

 

 

Learn about cybercriminals’ key hardware targets and find some practical advice for preventing attacks with Mathieu Demont, Cybersecurity Expert at Siemens Smart Infrastructure France.

TARGETS

From the sabotage of machines to the alteration – or even theft – of health data, the impacts of a physical attack on a hospital are manifold.

 

Decipher them using a real-world scenario of a cyberattack on a hospital’s fire safety system.

IMPACT

This computer worm, which appeared in 2008, was detected by an American firm on connected medical equipment using obsolete versions of Windows. These included mammography machines.

Conficker returns

to compromise connected objects

2020 |

A series of vulnerabilities in the Bluetooth Low Energy protocol, called SweynTooth, affect chips in certain medical devices. These include certain cardiac pacemakers, glucometers, ultrasound systems and even insulin pumps, which can then be controlled remotely or blocked.

Medical devices

hit by

“SweynTooth”

2020 |

Israeli researchers simulated a “man-in-the middle” attack by physically smuggling a Raspberry Pi into a hospital. In this way, they were able to intercept medical imaging data transmitted via the DICOM protocol and demonstrate that it could be altered.

Alterable

medical imaging

data

2019 |

To guard against such attacks, it is necessary to provide optimal protection for machines at workstation level. The recommendation is therefore to implement systems for access control, external device control, and even behavioural analysis. This can mean installing “sheep-dip” stations which act as a decontamination area for USB keys. As a last resort, network segmentation makes it possible to limit propagation in the event of infection.

More about Stormshield solutions

SOLUTIONS AND RECOMMANDATIONS FOR PREVENTING A PHYSICAL CYBERATTACK

read our interactive ebook

In addition to the “Health safety in healthcare establishments” standard, hospitals must use approved machines to ensure patient safety. Medical devices must bear the CE mark – a sign of compliance with European legislation.

 

To find out more about the applicable legislative framework,

REGULATORY

UPDATE

Do you want to go deeper into certain issues involving the physical vector? Want to know more about workstation protection and behavioural analysis?

Start a discussion with our technical or sales teams.

Contact

Stormshield

Download this webpage in a PDF file

EXAMPLES

OF SOFTWARE ATTACKS

IN HOSPITALS