Medical devices such as X-ray machine, tomograph, defibrillator play a vital role in modern healthcare. But for those in charge of online safety and patient data protection, this equipment is a real headache.
Medical devices are designed for one purpose, such as tracking heart rate or diagnosing a patient's visual acuity. As a rule, manufacturers of such equipment think little about cybersecurity. Who in their right mind would dream of hacking into a tomograph? The thing is that the tomograph, being connected to the clinic's network, in the event of a hack, will compromise the entire network.
While the devices themselves may not store patient data, attackers can use them to launch a hacker attack on a server that does contain valuable information. In a worst-case scenario, a medical device could be completely taken over by hackers, preventing a medical healthcare organization from providing life-saving treatment to patients.
Hackers know that medical devices by themselves do not contain patient data. However, they see them as an easy target because they lack the level of security inherent in other network devices such as laptops and computers.
Threats to medical devices can create problems for medical organizations by giving hackers access to other network devices or by allowing them to install costly ransomware. Securing network devices, where possible, helps limit damage from external online threats.
The Information Systems Security Engineer will research and investigate the potential impact of new threats and exploits.