Startup secures devices from ransomware attacks that threaten patients’ lives
By: John Jaffay
Our hospitals are under attack. Critical equipment is vulnerable to hackers who will stop at nothing, even if it means putting patients’ lives at risk.
Last October the Hillel Yaffe Medical Center, in Hadera, central Israel, made headlines when it became the victim of a high-profile ransomware attack. No patients were harmed, but staff had to update records with pen and paper after the hospital’s computer system was hit.
Israel’s Health Ministry blamed Chinese hackers, who, it said, were motivated purely by financial motives. Reuven Eliyahu, the ministry’s cybersecurity chief, said at the time that the country’s health sector was being targeted “tens of thousands of times a month”.
Hillel Yaffe did not pay the ransom, reported to be $10 million, according to a Channel 12 news report, and lost data that had been encrypted by the hackers.
But healthcare organizations are, generally, among the most likely to give in to the hackers’ demands. For obvious reasons. And the fact that they pay up – and two thirds do, according to UK software company Sophos – only serves to encourage a cycle of further attacks.
An Israeli startup OneLayer is among those leading the fight against hospital hackers. It is securing individual devices within hospitals to stop cybercriminals gaining access to their entire computer systems.
It’s building virtual iron curtains into the technology so that if an intruder does manage to get in, there’s only so far they can go. If they hack the surveillance cameras, for example, they won’t be able to reach the MRI scanner.
Hospitals today are crammed with “connected” devices. Anything that communicates, from a smartwatch to a wi-fi-enabled washing machine is called a connected device.
In hospitals we’re talking about patient monitoring equipment, x-rays and other imaging devices, robots that guide patients between departments, blood pressure meters, glucose monitors, electrocardiograms and smart beds that automatically adjust to make the patient feel more comfortable.
All this equipment, and much more besides, is connected to a private 5G network, much like the network your smartphone uses to send and receive voice calls and data. In the old days hospital equipment used cables to connect. Then they moved to wi-fi, but the coverage and connectivity could be patchy. So over the last three or four years they’ve been switching to 5G LAN (Local Area Network) which is much better, but which remains vulnerable to attack.
Hackers will target an individual device, let’s say a hospital robot, not because they want take control of it, but because it’s an access point. Once they’ve broken in through a back door, they’re free to wreak havoc wherever they choose.
OneLayer’s solution is to segment the network into a series of “protected corridors”, limiting the damage an intruder could cause. “If you segment the network, one area being compromised will not affect the other,” Dave Mor, CEO and Co-Founder of OneLayer, tells NoCamels. “So for example, a surveillance or security camera is very vulnerable and an easy target for an attacker.”
He says the OneLayer approach, using software to protect individual devices, is more effective than other methods, which scan the network problems, but can lead to can lead to congestion and the potential loss of data.
“Gaining access to the surveillance cameras only doesn’t provide much value because it’s not a critical piece of equipment, like an MRI scanner,” says Mor.
“But if we able to prevent the camera from communicating with the MRI, we can maintain the day-to-day work of the hospital. If one group of devices has been compromised, it will not affect the other.
“A robot, for example, is a vulnerable device. Hackers want to use it as an attack surface as a penetration point. The Hillel Yaffe attack was a ransomware attack. They wanted to stop the use of the MRI. There are attempts all the time on hospital security and most of them are not made public.”
Tel Aviv-based OneLayer is applying software to individual devices, in the first instance to doctor carts – the medical workstations on wheels that can be moved between patients.
It currently has contracts with two Israeli hospitals – Galilee Medical Center, in Nahariya, and The Baruch Padeh Medical Center, in Poriya, near Tiberias – in partnership with Nokia and Cellcom. In both hospitals it’s securing 250 doctor carts and will then move on to other medical devices, patient beds, and IoT (Internet of Things) devices.