Far from the cliché of the cyber-criminal, hidden behind a screen miles from the intended victim, some attackers get up close and personal to their target. Their technique: to attack hospital equipment directly, whether computer or medical equipment, and exploit its vulnerabilities. This is called a physical cyberattack.
THE FRAGILE TARGETS OF PHYSICAL ATTACKS
HOSPITAL EQUIPMENT:
PHYSICAL VECTOR
Physical cyberattacks include attacks that specifically target the hardware aspect of medical, IT or operational equipment.
DEFINITION
These cyberattacks all share a physical dimension, with the cyber-criminal gaining physical access to the equipment in question and connecting to it to disrupt its operation.
ACCESSIBILITY
In hospitals, physical cyberattacks target not only medical equipment (medical imaging equipment, anesthesia machines, breathing apparatus, insulin pumps, etc.) but also more traditional computer equipment for hospital staff (computers, laptops, etc.).
Learn about cybercriminals’ key hardware targets and find some practical advice for preventing attacks with Mathieu Demont, Cybersecurity Expert at Siemens Smart Infrastructure France.
TARGETS
From the sabotage of machines to the alteration – or even theft – of health data, the impacts of a physical attack on a hospital are manifold.
Decipher them using a real-world scenario of a cyberattack on a hospital’s fire safety system.
IMPACT
This computer worm, which appeared in 2008, was detected by an American firm on connected medical equipment using obsolete versions of Windows. These included mammography machines.
Conficker returns
to compromise connected objects
2020 |
A series of vulnerabilities in the Bluetooth Low Energy protocol, called SweynTooth, affect chips in certain medical devices. These include certain cardiac pacemakers, glucometers, ultrasound systems and even insulin pumps, which can then be controlled remotely or blocked.
Medical devices
hit by
“SweynTooth”
2020 |
Israeli researchers simulated a “man-in-the middle” attack by physically smuggling a Raspberry Pi into a hospital. In this way, they were able to intercept medical imaging data transmitted via the DICOM protocol and demonstrate that it could be altered.
Alterable
medical imaging
data
2019 |
To guard against such attacks, it is necessary to provide optimal protection for machines at workstation level. The recommendation is therefore to implement systems for access control, external device control, and even behavioural analysis. This can mean installing “sheep-dip” stations which act as a decontamination area for USB keys. As a last resort, network segmentation makes it possible to limit propagation in the event of infection.
More about Stormshield solutions
SOLUTIONS AND RECOMMANDATIONS FOR PREVENTING A PHYSICAL CYBERATTACK
read our interactive ebook
In addition to the “Health safety in healthcare establishments” standard, hospitals must use approved machines to ensure patient safety. Medical devices must bear the CE mark – a sign of compliance with European legislation.
To find out more about the applicable legislative framework,
REGULATORY
UPDATE
Do you want to go deeper into certain issues involving the physical vector? Want to know more about workstation protection and behavioural analysis?
Start a discussion with our technical or sales teams.