The New Cyberthreat To Healthcare: Killware

By   Anthony Moillic
, Netwrix | Apr 20, 2022 01:19 am PST

Ransomware in the healthcare sector

For years, the focus of cybersecurity efforts in the healthcare sector has been on protecting medical records and other sensitive patient information. Clearly, attention to data security is vital — ransomware attacks and data breaches remain the main threats for the healthcare sector and protection of sensitive information is required by strict regulations, including HIPAA.

And these cybersecurity efforts have delivered impressive results; healthcare organizations have strengthened their defenses through both technological measures and education of staff about proper cyber hygiene. They are also getting better at restoring encrypted data without paying ransom, thanks to better backup and recovery strategies.

From ransomware to killware

Not surprisingly, however, cybercriminals remain eager to extort money from healthcare organizations, so they are shifting their tactics. A vicious new cyberthreat is emerging: killware. While ransomware encrypts sensitive data, killware is malware that can cause physical harm or even death.

Killware is not limited to the healthcare sector; for example, we have already seen killware attacks on critical infrastructure, such as water treatment plants. But healthcare organizations are a prime target for killware because of the widespread use of Internet of Things (IoT) devices in medicine: from respirators and IV infusion devices to systems that direct ambulances to the closest hospitals. When these devices are compromised by killware, healthcare organizations have little choice but to pay the ransom to protect the lives of their patients — making killware attacks on the healthcare sector an extremely lucrative “business model” for cybercriminals.

Why healthcare IoT devices are so vulnerable

Unfortunately, the security of IoT medical devices is often sorely neglected. Indeed, the number of vulnerabilities related to IoT devices increased by 16% in 2021, compared to a growth rate of just 0.4% for vulnerabilities overall. 

Multiple factors increase the risk of successful killware attacks in the healthcare sector. One is that IoT devices, especially implantable ones like pacemakers, are built to last decades, so the software controlling a device is likely to become outdated while the device is still in use — giving cybercriminals weaknesses to exploit and plenty of time to identify them. In addition, development teams have historically been focused primarily on the medical benefits of the devices and may have failed to anticipate the security risks that have since emerged. More broadly, the top priority of healthcare organizations is patient care, so during budget allocation, cybersecurity often gets insufficient funding.

How healthcare can combat the killware threat

Recognizing the grave and urgent problem of IoT security in healthcare is the first step in reprioritizing budgets to empower IT teams to mitigate the threat of killware. Crucial practices and policies to put in include the following:

·   Segmentation — IoTs must be isolated using network segmentation so that a compromised device cannot impact the whole network.

·   Access control — IT teams must strictly limit who (humans and machines) can access what data and systems according to the least-privilege principle, and regularly review and right-size those access rights.

·   Data classification — Stored data should be classified based on its sensitivity so it can be protected accordingly.


Increased digitization requires organizations to adapt their cybersecurity strategy to meet the rapidly changing threat landscape. In the healthcare sector, this includes recognizing and responding to the increased threat to IoT devices from killware that directly threatens the life of patients. Indeed, cybersecurity must be recognized as just as important as the daily care of patients.