Malware Attacks Increasingly Targeting Healthcare IoT Devices

Medical IoT device, photo by Adobe Stock

With the Covid-19 pandemic inspiring growing investment in remote healthcare, it’s unsurprising to learn that the health industry is increasingly turning to IoT solutions. Unfortunately, as the number of IoT devices in healthcare grows, so too has the number of malware attacks targeting them.

According to a recent report from IT security firm SonicWALL, the number of global ransomware attacks more than doubled in 2021, with the healthcare industry, in particular, experiencing a roughly 755% increase in incursion attempts. Within this data, is a 71% increase in malware attacks specifically targeting healthcare IoT devices.

Medical IoT devices, photo by Adobe Stock, IV Drip

Which Healthcare IoT Devices are Being Targeted?

Voice Over Internet Protocol (or VOIP) devices make up about 50% of the average healthcare facility’s IoT footprint. It’s not surprising, then, that they represent a substantial target for hackers. This came to the forefront in 2021, when a series of ransomware attacks targeted US Healthcare and first responder networks demanding payments as high as $25 million or facing the loss of important files.

Despite a comparatively small footprint (an estimated 38% of the average medical IoT deployment), the devices most commonly targeted by malware are IV Pumps, According to Cynerio’s State of IoMT Device Security as many as 73% of these devices are operating with a known vulnerability that could endanger “patient safety, data confidentiality, or service availability.” 

McAfee’s Advanced Threat Research team recently reviewed one such device and found more than five separate vulnerabilities that could grant hackers access to the machine’s vital systems, impact its calibrations and affect how it delivers medicine. 

“What’s important with these pumps is having really precise control of the speed and quantity being delivered,” senior security researcher Phillippe Lailhere told the Cybercrime Magazine podcast. “So of course, that leads to real impact and that can be pretty dangerous for a patient.”

Other IoT devices commonly targeted include ultrasounds, patient monitors, IoT gateways, IP Cameras, and more.

IoT devices, security, Interface, image by Adobe Stock

How Are Hackers Getting In?

The Cynerio report claims that more than half of all IoT devices regularly used in a medical center are operating with some form of known vulnerability. Yet while vulnerabilities like Urgent11 and Ripple20 are valid threats that affect around 12 percent of medical IoT devices, the most commonly exploited methods from hackers tend to be from improperly or entirely unsecured devices. 

From weak authentication protocols and default password hashes to hidden backdoors easily discovered in device debugging logs, the bulk of security breaches stem from what researchers refer to as “a lack of basic cybersecurity hygiene.”

Failing to maintain product update patches and reliance upon default passwords, in particular, have been identified as problematic behaviors that can be costly for medical facilities. Similarly, many IoT devices have vulnerabilities outlined in product manuals and logs that can be easily obtained online. 

This lack of attention to basic security is compounded by the healthcare industry’s reliance upon legacy platforms and devices with long lifecycles. Though these issues are relatively easily addressed with proper patch management and attentive administrators, scaling this response to larger deployments can be time-consuming and costly.

“Without IoT security in place, hospitals don’t have a simple way to check for these risks before attackers are able to take advantage of them,” said Cynerio. “Usually without healthcare IoT, security hospitals can still identify risky devices with lousy passwords, but shutting down services and changing passwords is going to be hugely difficult and complex.”

The Importance of Securing IoT Devices

It is estimated that the average cost of an IoT-focussed cyber-attack is roughly $330,000. The average cost of a data breach within a healthcare setting, meanwhile, averages out to $7.13 million. As such, properly securing IoT devices is an integral part of any deployment – particularly in an environment that traffics in sensitive data, such as medical records. 

“While ransomware attacks can easily disrupt regular business operations, it’s quite another reality when critical medical facilities, devices, and life-saving health data are impacted and potentially taken offline,” Dmitriy Ayrapetov, vice president of platform architecture at SonicWall told SC Media.

Password, IoT Devices, Cyber security, Image from Adobe Stock

Building a More Secure Medical IoT

In an effort to help address his growing challenge, the healthcare industry is stepping up its investment in IoT security. According to a recent report from Verified Market Research, the global healthcare IoT security market is expected to reach a valuation of $5.09 billion USD by 2028.

To help ensure that that future is a safe and prosperous one, a consortium of 104 different tech organizations recently published a letter announcing a “global consensus” on IoT security standards that should be addressed through government regulations or voluntary decisions within private enterprises. The letter outlined five tenets of IoT security including:

  • Regular Software updates
  • An end to default passwords
  • A vulnerability disclosure policy for product manufacturers
  • Secure Communications
  • Ensuring secure data 

“Those of us endorsing this statement come from across stakeholder groups, including members of industry at various stages of adopting these best practices,” the letter reads. “We recognize that implementing these capabilities poses different challenges to manufacturers and vendors around the world. We also recognize the broad range of stakeholder activity relevant to this work.”

Of course, Soracom’s IoT platform offers a number of options to help secure your fleet from malware and bad actors. From private networking tools like Soracom Canal and Soracom Door, to secure provisioning tools like Soracom Krypton, Soracom can help design a secure solution that fits your deployment.


Do you have questions about an IoT project? Speak with one of our experts today to learn how Soracom has helped more than 20,000 innovators deploy, scale and secure their IoT projects.