Elekta Cyberattack Took Some Us Cancer Radiation Services Offline

BACKGROUND:

Elekta, a Swedish service provider of advanced radiation treatment software, has confirmed a security breach of their software for linear accelerators used in radiation therapy. The breach is reported to have resulted in service outages 42 US hospitals and care centers. A cybersecurity expert with Byos offers comments in response.

Experts Comments

April 30, 2021
Saryu Nayyar
CEO
Gurucul

Here again we see the healthcare market being targeted by cybercriminals. In this case it's a supply chain attack via a third party application, Elekta. It's so devastating when people's lives and medical treatments are at risk due to ineffective or outdated cybersecurity measures.

 

As always, organizations are only as secure as the weakest link in their supply chain. Malicious actors will look for any way in and will always take the easiest path. The best defense is a proactive offense. If

.....Read More

Here again we see the healthcare market being targeted by cybercriminals. In this case it's a supply chain attack via a third party application, Elekta. It's so devastating when people's lives and medical treatments are at risk due to ineffective or outdated cybersecurity measures.

 

As always, organizations are only as secure as the weakest link in their supply chain. Malicious actors will look for any way in and will always take the easiest path. The best defense is a proactive offense. If your third party vendors can’t maintain adequate security protocols then you will have to put in place proactive measures such as behavior-based security analytics which can detect these sorts of unknown threats in real-time. Saving lives is of utmost priority.

  Read Less
April 30, 2021
Matias Katz
CEO
Byos

This attack demonstrates the need to rethink how medical equipment and devices can be secured online using zero trust principles. Healthcare Delivery Organizations rely on a universe of OEMs and 3rd party integrators to manage, patch, update, monitor and troubleshoot some of the most critical and sensitive software, medical equipment and devices.

 

Flat networks, or networks with minimal segmentation will continue to experience these kinds of widespread-impact incidents. Undergoing a full zero

.....Read More

This attack demonstrates the need to rethink how medical equipment and devices can be secured online using zero trust principles. Healthcare Delivery Organizations rely on a universe of OEMs and 3rd party integrators to manage, patch, update, monitor and troubleshoot some of the most critical and sensitive software, medical equipment and devices.

 

Flat networks, or networks with minimal segmentation will continue to experience these kinds of widespread-impact incidents. Undergoing a full zero trust implementation can take time, but a simple and achievable first step would be to apply the principles of "micro-segmentation" to minimize the risk of lateral movement and mitigate the impact of breaches from supply chain attacks. When networks are micro-segmented, IT has more visibility and control over the traffic flows and can isolate and remediate endpoints at the time of attack, while ensuring the rest of the network is protected.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.