A report points out that hijacking of medical devices and broader use of ransomware both increased in 2016, and warns of the new healthcare cyber risks coming in 2017.

Looking back on cybersecurity in healthcare in 2016, researchers determined that both the practice of medical device hijacks and the wide use of ransomware became more commonplace this year.

Frightening as that trend may be, security experts from TrapX Labs, a division of TrapX Security, Inc., predict more unparalleled cyber attacks in 2017 and an increasing focus on Internet-of-things (IoT) connected medical devices.

According to findings reported in "Health Care Cyber Breach Research Report for 2016," from TrapX Labs, there were 93 major cyberattack data breaches reported in 2016, a 63% annual increase. The report also lists the biggest healthcare data breaches of the year, including attacks at Banner Health, Newkirk Products, Inc., and 21^st Century Oncology.

"Sophisticated and persistent cyber attackers, are, in our opinion, the single greatest threat to the protection of patient-health care data, critical health care operations and, ultimately, present a direct physical risk to patients," Moshe Ben Simon, cofounder and vice president of TrapX Security, said in the report.

In 2017, the report expects ransomware attacks, which took place more frequently at large and mid-sized healthcare centers in 2016, to hit smaller and mid-sized practices as well.

"Ransomware will grow to unprecedented levels in 2017 across global health care institutions," the authors wrote. "Given the rapid ROI [return on investment] for this attack and the easy access to non-traceable money (such as bitcoin), this automation makes it relatively easy for moderately sophisticated attackers to deploy attacks in much greater volumes."

Cyber criminals are expected to continue expanding this range to facilities like imaging centers, surgical centers, diagnostic labs, and skilled nursing facilities too, the authors wrote.

Medical devices have already been identified as a potential source of weakness to be exploited by hackers. Perhaps more worrisome are the new methods of entry cyber criminals may have at their disposal. The TrapX experts highlight connected medical devices that have IoT capabilities as a potential new target. Just how big is this target? The report notes that there are more than 6.4 billion IoT medical devices estimated online in 2016.

"Most IoT devices manufactured today have no integrated cyber defense and do not allow third parties to install security software . . . manufacturers recommend that security for IoT devices be achieved by installing it behind a firewall, which is absolutely no longer a guarantee of safety in today's environment," the authors wrote.

[Image courtesy of DAVID CASTILLO DOMINICI/FREEDIGITALPHOTOS.NET]