Ransomware Attacking Medical Imaging; The Cloud is the Key

| May 22, 2017

Healthcare is an appealing target for cybercriminals. Last year cyber attacks led to the loss of 13 million patient records, according to Symantec Corp., a company focused on addressing cyber threats. Last August Banner Health alone, with its 23 hospitals and specialized facilities across seven states, reported a data breach affecting 3.7 million patients and staff. The attack is believed to have occurred in June. It was discovered a month later, long after the data was gone.

Banner responded quicker than most.  On average, it takes 229 days to find a breach and 82 to contain it, according to the Ponemon Institute, a cybersecurity research company. Attackers are typically in and out in less than an hour.

Attacks On Imaging

Legacy imaging equipment and outdated medical IT systems are easy targets. Maintaining and updating PACS is very costly and time consuming. These systems serve as “pivot points” for cyber criminals, weak links by which hackers can get into medical information technology systems. What makes them weak is their reliance on obsolete operating systems like Windows NT and XP, which do not have up-to-date security.

Cyber criminals don’t even have to steal patient data.  They can hack an information system, encrypt the data, then demand payment to decrypt it. This kind of attack, called ransomware, is growing in popularity.


Ransomware attacks against all industries, not just healthcare. It rose from 1,000 per day in 2015 to 4,000 per day in 2016, according to the U.S. Department of Justice. The malware is usually delivered through “spear phishing,” in which an unsuspecting person in the network opens an email from what appears to be — but isn’t — a known person.

Once the data is encrypted, it can’t be fixed by anyone other than the cybercriminals.

Good Intentions, Bad Security

Noble intentions can be the root of vulnerabilities. Extending the life of a legacy system to save money is one. Another is patient engagement. Spurred by patient demands for increased access to their data and images, as well as “meaningful use” mandates from the Federal government, providers have created a plethora of patient portals.

Legacy Liabilities

So, what can be done? For starters, the potentially disastrous vulnerabilities of legacy systems have to be resolved. Among the legacy systems are X-ray systems, C-arms, CTs, MRI and other scams scanners that are running outdated operating systems (OSs). Patch them or replace them — if not the equipment, the OSs, cybersecurity gurus agree, before that “too good to throw out” system ends up costing you millions. (Last year the average total cost of a data breach was $4 million, according to the Ponemon Institute.)

But not all legacy systems are X-ray machines or scanners. Many are holdovers from the last PACS or IT upgrade and installers of the more efficient IT systems are either unable or unwilling to bring all the data into the new equipment, the interfaces often become so complicated that, when problems occur, the IT staff often has trouble finding the root causes. That can be a nightmare from a cybersecurity perspective.

Healthcare providers should sack these legacy applications as soon as possible, however, there is a general sense of apathy working against doing so. There are too many healthcare organizations not paying attention to this.

The Cloud is Key if you select the right strategy

Vulnerability to cyberattack is taking on a new dimension, as providers move patient data into the cloud. People are taking advantage of the fabulous opportunity to collaborate and get their jobs done using cloud applications. The problem, according to the senior director of cloud security at Symantec, is that “your data is going all over the place.”

Radiology provides some of the easiest targets for cyber criminals. Continued use of outdated imaging systems and a growing interest in enterprise imaging are among the reasons.

With their easily hacked operating systems, legacy X-ray systems and scanners are particularly vexing . Enterprise imaging is increasing risk, according to Lee Barrett of the Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit accreditation commission for health IT. The interconnection of IT systems necessary to add “ologies” and linking them to electronic medical record (EMR) systems mean more potential entry points for hackers and access to more data records.

Driven by the need to collaborate, as well as increase efficiency and lower costs, processing operations and data are moving into the cloud — or, more exactly, to data centers that are accessed over the internet. This is raising some security issues. But patient data may actually be safer in some clouds than in on-premise archives. Few hospitals conduct penetration tests as often as large public cloud providers do.

The hurdle for putting all patient data on the cloud has more to do with efficiency than security, traditionally Cloud-based systems aren’t fast enough. However, there are emerging technologies such as Nucleus Health which solves the latency issue while protecting images by using Azure and taking advantage of Microsoft’s resources to protect the cloud infrastructure.


Category: Uncategorized

Comments are closed.