The federal government issued a warning Aug. 4 about the rise in cybersecurity risks associated with Internet of Things devices in the healthcare and public health sector.
According to the report from the Health Sector Cybersecurity Coordination Center, if IoT medical devices are accessed, the functions of the devices could be changed by the hackers, causing harm to patients, or patient protected information could be compromised.
Five things to know:
- IoT devices are being targeted by criminals to add them to botnets for conducting large-scale Denial of Service attacks, which flood IoT networks with traffic to prevent communications.
- IoT devices are also being targeted by man-in-the-middle attacks. These attacks are where criminals eavesdrop on communications and steal sensitive data or tamper with communications.
- IoT devices are often left with factory settings, including default passwords. This makes the devices vulnerable to attacks, which can give cyber criminals access to the networks to which the devices are connected.
- If healthcare organizations have a flat network, where IoT devices, standard IT devices and operational technology are all on the same network, gaining access to an IoT device could allow a hacker to move laterally and access all devices on the network.
- The HC3 recommends changing passwords, changing default settings, avoiding universal plug and play, and limiting access to your networks to avoid these attacks.