Combining digital technologies with medicine, medical device manufacturers for the healthcare industry continue to adopt advanced technologies. However, the information that the industry gathers is highly prized by cybercriminals and cyber gangs – patient data.
HIPAA (Health Insurance Portability Accountability Act), a U.S. Federal Government regulation enacted in 2006, is a set of rules governing how healthcare providers manage and protect healthcare information while protecting patient privacy. While these rules have been in place for over a decade, new attack vectors continue to exfiltrate patient data and hijack applications resulting in a 150% increase in healthcare breaches.
One of these attack vectors is exploiting the Internet of Medical Things (IoMT). There are over 500,000 different types of wearable, implantable, and stationary medical devices and these devices can deliver higher quality patient care, improve the sharing of information amongst healthcare professionals, and dramatically reduce cost.
Monetization of stolen data in general is big business for cybercriminal and cybergangs. Today, many cybercrime organizations are organized like a Fortune 500 company with revenue targets, bonuses and a team of highly skilled hackers that specialize in various forms of network infiltration and data exfiltration. Cybercrime is now a growing business that generates over $1 billion annually.
The healthcare industry is a high-value target for cybercriminals due to the substantial amount of valuable PII (Personally Identifiable Information) that medical records can contain. One record can contain social security numbers, credit card information, financial data, driver’s license number, and other data that can be monetized as a whole or sorted depending on what the buyer is seeking to exploit. Another factor is that it can take months for a compromised healthcare record to be identified. A healthcare record in the underground economy commands a price up to $50, compared to the next most prized and costly record, payment cards, which can be priced upward of $5.40. One of the differences that account for the price differential is that stolen payment card records are typically quickly identified and cancelled, making them a “perishable” commodity.
As with any maturing new technology, security is now a business necessity, especially for device manufacturers. For example, ransomware is plaguing the healthcare industry. It is a highly effective means of extortion used by cybercriminals – the amount of ransomware attacks on the healthcare industry tripled since last year. While ransomware often attacks healthcare IT systems, it has already infected medical devices as well
. There have also been numerous incidents where application software has been infiltrated and/or data exfiltrated from various medical devices. Protecting these devices from malicious threats such as application tampering, reverse engineering, and system/application takeover can literally be a matter of life and death, not to mention the loss of reputation, costly law suits, and severe financial ramifications which could lead to share devaluation and/or bankruptcy.
Cybercrime is a multi-front war that is waged on every industry, however, the healthcare industry is literally a goldmine for cybercriminals. Protecting both legacy systems and new technologies should be a part of any healthcare organization’s cybersecurity strategy to mitigate risk.
Protecting Healthcare and IoMT Applications with Intertrust’s whiteCryption® Technology
A common vector of attack on IoMT devices is exploiting vulnerabilities in the software applications associated with the device. This can include not only the software application running on the device, but applications on other devices such as smartphones that the IoMT device communicates with. whiteCryption, a subsidiary of Intertrust, has decades of experience with advanced proprietary security technologies and techniques used to protect software applications. We are in a unique position to help healthcare institutions greatly reduce their threat exposure and mitigate risk associated with IoMT devices, mobile and other platforms.
is a leading provider of application shielding solutions that prevent hackers from reverse engineering and tampering with application code. We specialize in world-class advanced obfuscation, tamper resistance, and white box cryptography solutions for mobile applications, desktop applications, firmware and embedded applications.
Our application shielding portfolio consists of two products:
- whiteCryption® Code Protection™ provides application developers with a comprehensive suite of anti-reverse engineering and runtime application security tools to help protect your applications on all popular target platforms. Code Protection is easy to use, provides simple means for fine tuning the balance between security and performance, and requires no significant changes to the code itself or the existing build chain.
- whiteCryption® Secure Key Box™ is an advanced white box cryptographic library that protects cryptographic keys for critical security functions such as device authentication, secure communications, and data encryption. With Secure Key Box, cryptographic keys are never in the clear in use, in transit or at rest. This prevents hackers from stealing your keys and using them to masquerade as users, snoop on secure communications, or unlock content that is critical to your business.
Learn more about whiteCryption at https://www.intertrust.com/products/application-shielding/