Ricky Chen: Developing Cybersecurity for Healthcare

Sep 07, 2020

The EternalBlue ransomware family has long been under control … for most systems. In healthcare, however, where Windows legacy OSes are extremely common, it’s still one of many major threats. These legacy OSes are just one major point of vulnerability for the medical industry – other such points include unpatched devices and flat networks. These and other issues for the healthcare sector were addressed in a talk given at the Info Security expo in Taipei on Tuesday, Sept. 1, by TXOne Networks’ Business Development Director, Ricky Chen.



Mr. Chen’s talk went on to cover in detail the key threats and weaknesses looming over healthcare technology, which we’ll detail here. In essence, there are two kinds of major concern in medical information security: privacy and infrastructure. Privacy includes data breach and data loss, while infrastructure concerns center on the protection of cloud and data centers, endpoints, mobile devices, security weaknesses in medical devices, and overall network security.


Hospital or clinic data breaches are extremely profitable for hackers, granting potential access to protected health information, payment information, and financial data. Such breaches have happened because of accidental disclosure, theft of paperwork or devices, or document loss, but the percentage of records leaked in these situations is extremely low — around 2-4% at most. Meanwhile, more than half of data leaks are due to hacking or IT incidents, and an average of 94.38% of records were leaked in cases that were apprehended. We say ‘that were apprehended’ because such breaches are extremely difficult to detect, as intruders will do their best to work stealthily so that they can leverage access for as long as possible. As with most modern threats, such attacks typically begin with phishing and social engineering.



Trend Micro Research Labs conducted healthcare security research showing medical legacy OSes and protocols to be extremely vulnerable — complicated network access control settings, unencrypted data transmission on secure protocols, and flat networks are areas typically requiring attention in healthcare security. On the other hand, at the level of endpoints, legacy OSes and unpatched devices are potentially easy access for malicious intruders.



5 Security Recommendations for Healthcare

  • Prioritize visibility and fine-grained access control at different levels – visibility comes first because you need to know the intended function of the network and its assets. Before you can identify which legacy OSes, unpatched devices, and other potential vulnerabilities you will have to work with, you have to establish visibility.
  • Segment the network with technology sensitive to multiple protocols (HL7, DICOM, NTP, etc.) and centralize visibility management. The network is segmented based on the visibility and intent you’ve created for the system’s function.
  • Enforce good security policies – use a trust list, have control over files, data, and USB access, and have strong policies in place for management and visibility.
  • When discovering and onboarding devices, identify potential vulnerabilities for those specific devices.
  • Use solutions for threat detection and prevention – protection must be considered in terms of different surfaces and angles of attack, including the network, endpoints, and unpatched medical devices. Specifically, solutions that protect against malware for legacy OSes and detect anomalies must be deployed.
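The five recommendations above form one procedure: inventory the assets, assign each a segment according to its intended function, and then allow only the flows that function requires. The script below is an added illustration of that procedure and is not code from the talk, the post, or any TXOne product. Every device name, IP address, OS string, patch date, role-to-segment mapping, and the 90-day patch SLA are constructed assumptions; the port numbers for DICOM, HL7 and NTP are the conventional defaults for those protocols.

```python
"""Inventory-driven visibility, segmentation and trust-list example.

Added illustration, not code from the TXOne post or any TXOne product.
All devices, addresses, OS strings and dates below are constructed.
"""
from dataclasses import dataclass
from datetime import date

# Assumed policy inputs: OS versions treated as legacy because vendor
# support has ended, and a 90-day patch SLA (both are assumptions here).
LEGACY_OS = {"Windows XP", "Windows 7", "Windows Server 2003"}
PATCH_SLA_DAYS = 90

# Conventional default ports for the protocols named in the talk.
PORTS = {"DICOM": 104, "HL7": 2575, "NTP": 123}

# Segment assignment by device role, i.e. the "intent" of each asset
# (assumed mapping; unknown roles fall into quarantine).
ROLE_SEGMENT = {
    "modality": "imaging",
    "pacs": "imaging-core",
    "workstation": "clinical",
    "his": "clinical-core",
    "ntp": "infra",
}

# Trust list of allowed flows: (src_segment, dst_segment, protocol).
# Anything not listed is denied by default.
ALLOWED_FLOWS = {
    ("imaging", "imaging-core", "DICOM"),
    ("clinical", "imaging-core", "DICOM"),
    ("clinical", "clinical-core", "HL7"),
    ("imaging", "clinical-core", "HL7"),
    ("imaging", "infra", "NTP"),
    ("imaging-core", "infra", "NTP"),
    ("clinical", "infra", "NTP"),
    ("clinical-core", "infra", "NTP"),
}


@dataclass(frozen=True)
class Device:
    name: str
    ip: str
    role: str
    os: str
    last_patched: date


# Constructed sample inventory (the output of the "visibility" step).
INVENTORY = [
    Device("ct-scanner-1", "10.10.1.10", "modality", "Windows XP", date(2015, 3, 1)),
    Device("pacs-1", "10.10.2.10", "pacs", "Windows Server 2019", date(2020, 8, 15)),
    Device("nurse-ws-3", "10.10.3.30", "workstation", "Windows 10", date(2020, 5, 2)),
    Device("his-1", "10.10.4.10", "his", "Windows Server 2016", date(2020, 8, 20)),
    Device("ntp-1", "10.10.9.10", "ntp", "Linux", date(2020, 8, 1)),
]


def segment_of(dev):
    """Map a device to its segment; roles with no known intent are quarantined."""
    return ROLE_SEGMENT.get(dev.role, "quarantine")


def audit(devices, today):
    """Onboarding check: return {device name: [findings]} for legacy or unpatched assets."""
    findings = {}
    for d in devices:
        notes = []
        if d.os in LEGACY_OS:
            notes.append("legacy-os")
        if (today - d.last_patched).days > PATCH_SLA_DAYS:
            notes.append("unpatched")
        if notes:
            findings[d.name] = notes
    return findings


def is_allowed(src_ip, dst_ip, port, devices=INVENTORY):
    """Trust-list decision for one flow src_ip -> dst_ip:port (default deny)."""
    by_ip = {d.ip: d for d in devices}
    src, dst = by_ip.get(src_ip), by_ip.get(dst_ip)
    if src is None or dst is None:
        return False  # asset not in the inventory: no visibility, no trust
    proto = next((p for p, n in PORTS.items() if n == port), None)
    if proto is None:
        return False  # port does not belong to any sanctioned clinical protocol
    return (segment_of(src), segment_of(dst), proto) in ALLOWED_FLOWS


if __name__ == "__main__":
    for name, notes in audit(INVENTORY, date(2020, 9, 7)).items():
        print(f"{name}: {', '.join(notes)}")
    print(is_allowed("10.10.1.10", "10.10.2.10", 104))  # modality -> PACS over DICOM
    print(is_allowed("10.10.1.10", "10.10.3.30", 445))  # scanner -> workstation over SMB
```

Run as-is, the audit flags the XP-based scanner as both legacy and unpatched and the Windows 10 workstation as merely unpatched, which is the kind of finding the onboarding step is meant to surface before a device is placed in a segment. The flow check answers only from the inventory and the trust list, so a device that was never discovered, or a port that no sanctioned protocol uses, is denied without any further rule having to exist.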


The medical industry is currently extremely vulnerable. Most nurses and doctors are extremely overwhelmed with their important, life-critical work, so they don’t have the time or energy to update their cybersecurity knowledge. The possibility of a lockout and ransom of a hospital’s entire collection of assets is standing out over the horizon, so the medical industry remains in need of dedicated IT-OT cybersecurity specialists.


To protect your network, learn more about our specialized defense hardware for OT networks: EdgeFire and EdgeIPS.

To protect endpoints, learn about our portable scan tool, Trend Micro Portable Security 3, and our lockdown software for fixed-use systems, Trend Micro Safe Lock.

To learn more about how to keep your operational environment protected, follow us on LinkedIn for regular safety updates, guidance, and new knowledge.
