The mere fact of the COVID pandemic\u2019s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head \u2013 cyberattacks, particularly those based on ransomware, have become more common as the disease spread, targeting medical IoT devices and healthcare networks.\nAccording to Forrester Research analyst Chris Sherman, two U.S. hospitals have already been attacked via virtual care systems, after a hacker targeted a vulnerability in a medical IoT device (specifically, a remote patient-monitoring sensor) and gained access to the hospitals\u2019 patient databases. And in another type of attack, the Fresenius Group, a medical device maker and the largest private hospital operator in Europe, has been hit by ransomware.\n\n\u201cTo me, it\u2019s clear attackers are increasing their focus on medical devices,\u201d Sherman said. \u201cThe attackers are directing their efforts really to any system that\u2019s exposed to the internet, which is a concern given how flat most healthcare networks are.\u201d\nThe precise extent to which threats have risen due to the pandemic is unclear, but most experts agree that there seems to be a correlation. Sherman said that some reports place the figure as high as three to five times the number of attacks that would ordinarily be expected, but argued that those figures might be a slight exaggeration.\nHealthcare providers are particularly ripe targets for ransomware attacks for several reasons. Medical IoT devices are, all too often, poorly secured against intrusion, according to NTT Canada\u2019s cybersecurity practice lead, Stew Wolfe.\n\u201cA lot of these machines are not designed with security in mind, so they\u2019ll have default passwords in a manual you can look up on the Internet,\u201d he said, adding that there\u2019s a physical security element that\u2019s also worrisome. Many hospital wards and clinics are effectively open to the public, making it relatively simple to gain direct access to insecure devices.\n\u201cGetting access to this stuff is pretty easy,\u201d Wolfe warned. \u201cYou can just walk around and get into some of these areas that you shouldn\u2019t.\u201d\nSherman said the spike in the use of telehealth and virtual-care systems represents a response to a tempting attack vector. These are systems that, typically, were isolated on networks local to the hospital, \u201cbut now they\u2019re enabling these to be used remotely, and it\u2019s being done very fast without an emphasis on security,\u201d he said.\nRansomware\nNot all analysts are convinced that healthcare is a particular target for malicious hackers at this point, however. Gregg Pessin, a senior director and analyst at Gartner Research, said that hospitals and clinics may well fall victim to ransomware, but that the greater threat vector is phishing attacks that might not be targeting them specifically.\n\u201cIn most cases, healthcare is not in the gunsight, the malware is just sent out to the world, and if a healthcare employee hits the bad link their organization falls victim,\u201d he said.\nStill, ransomware attacks against healthcare providers may be a more likely payoff for criminals, given the mission-critical and time-sensitive nature of medical networks. A hospital that needs its technology to be functional at all times for the sake of patient care is more likely to simply pay the ransom than to attempt to recover systems that have been locked up by ransomware.\nNetwork segmentation\nOne of the main ways that healthcare providers can protect themselves against medical IoT-threats is the use of network segmentation, or making sure that potentially vulnerable operational devices aren\u2019t connected to the same parts of the network as IT systems that can reach sensitive and infrastructure data, Pessin said.\nBefore that happens, however, it\u2019s important to have an awareness of and visibility into the full range of devices on a given network. Pessin said that many healthcare providers are already investing in inventory and tracking software that can autonomously detect medical IoT devices on a network and track whether they\u2019re behaving suspiciously or not. Patching devices that have that functionality is crucially important as well, said Sherman, as is updating older systems that have known vulnerabilities and can\u2019t be patched remotely. \u201cIt can be expensive, but it\u2019s really necessary,\u201d he said.\nFinally, according to Wolfe, simply having a better organizational awareness of the presence of security threats can be a big help in combating them.\n\u201cTrain your doctors and nurses to recognize a malicious email, and work with the [medical-device maintenance] teams in the hospitals" to secure devices against threats, he said.