Ransomware attacks against healthcare professionals have become more common and sophisticated over the past couple of recent years. Despite the efforts to reduce the risks of attacks, they still occur frequently, severely affecting medical devices and other critical infrastructures in this sector.

Increasing security measures to prevent attacks on vital devices for the sector, such as artificial cardiac pacemakers and ventilators, CT scans, MRI scans, and scheduling appointments, among others, has become a priority for health care centers. In addition, other devices must be kept safe in health centers; although not directly associated with the patient’s health, points of sale, access cards, security cameras, among others, are just as essential in the healthcare process. The medical system usually includes information systems and networks that contain relevant information about the patient, the health personnel, and the care center.

Part of the measures that healthcare centers are taking into account is to carry out maintenance and update their equipment. This is to minimize the risks that medical devices run, improve patient care, and guarantee the safety of both the information about the patient and the healthcare center.

Another important measure that must be incorporated into these medical devices is that security is taken into account from their design to avoid different threats, including those from ransomware. Manufacturers currently are not bound by any legal requirement to incorporate cybersecurity elements in these devices, which would make a significant advance in terms of security in the health sector.

In the case of storing data in the cloud, there are already FDA cybersecurity guidelines, which include: disaster recovery, incident management processes, data protection, and frequent security audits when a data breach occurs, the person responsible for the attack is the medical institution and not the cloud service provider, which generates greater attention to compliance with these requirements to minimize the risk of an attack.

Finally, it is crucial to raise awareness of the importance of constant monitoring of security breaches that may arise in these devices to minimize the risk of an attack. This is a team effort that can be accomplished in conjunction with manufacturers, system providers, connection providers, and end-users to minimize the vulnerabilities of connected medical equipment.