The idea of hackers infiltrating pacemakers and other medical devices placed inside of patients can be disturbing and make for some great headlines. The real threat can lie with the manufacturers tasked with building these products. They hold a lot of confidential information on clients and vendors. What would happen if a hostile outside force gained access to this information?
Medical manufacturers may be exposing themselves to cyber attacks by not going far enough to close holes in their IT infrastructure. It only takes one breach that puts their information at risk to lose the trust of providers and vendors. Here are three critical places where a lot of medical manufacturers drop the ball when it comes to providing adequate security around vulnerable network points.
- Use of Open-Source Software
It’s never been a better time to be a programmer thanks to all the freeware options available. Unfortunately, many developers don’t take the time to correctly secure the software they use. A piece of code put in for enabling direct chat capability between you and a vendor can leave an opening for hackers to get inside a company’s systems.
The problem gets compounded when these same programmers bristle at what they feel are onerous company restrictions. They sometimes install software from an unsecured external device brought from home. A random piece of malware floating around their computer ends up making its way inside the company to the delight of cyber attackers.
- Exposed Cloud Infrastructure
The cloud seems to be the future of a lot of healthcare technology, and medical manufacturers have been doing their best to keep up. They know vendors expect them to have the latest and greatest when it comes to cloud storage. Sharing information with ease is a common expectation.
Many of these companies may not have staff with the knowledge to securely port data over from legacy systems onto a new cloud architecture. Holes left behind allow outside attackers to get inside and obtain information from every internal and external company interaction.
An insecure install of MongoDB could allow hackers to use default connections to gain access to valuable data. The problem is compounded if regular scans aren’t done to detect these vulnerabilities.
- Lax Internal Security Policy
We touched on this briefly when talking about programmers bringing in unsecured freeware, but an organization’s biggest downfall can be the employees working for them. It takes more than a perfunctory once-a-year five-minute briefing to instill a culture of data protection within an organization.
Drilling the importance of security makes it second nature for a manager to recognize suspicious links in emails. A lack of awareness leaves openings for hackers to gain crucial information. The vice-president of operations should not use unsecured WiFi networks when traveling for business. Even employees making a seemingly benign vacation posting could leave behind valuable clues for hackers looking for uninterrupted access to their workstation.
Let BCS take charge of your security needs and make it difficult for hackers to breach your network. Contact us today by calling (781) 871 – 0700.