The alarming state of computer security in healthcare
Life support machines can be the difference between the recovery of a patient and the loss of a life. Imagine the implications of a poorly coded worm causing a respirator to turn on and off intermittently while connected to a loved one.
This issue was all too real for an American hospital when malware was injected through the neo natal intensive care unit to gain back access to a hospital network. The poor coding in the worm caused an error with a system of heart monitors. Premature babies went unmonitored for potentially fatal periods of time.
Why would anyone attack a hospital?
The data stored within healthcare networks remains a primary target for attackers on a global basis. By accessing a hospital network through a medical device, such as the neonatal intensive care ward heart monitors, attackers can infect medical devices with malware, then move laterally through hospital networks to steal confidential data.
Once criminals have hold of the data, they can easily keep that data hostage. Large ransoms are demanded in order to release this patient data and to unlock vital administrative systems. Hospitals have no choice but to pay if they wish to continue to offer any services.
An unfortunate outcome of these kinds of malware attacks is the unpredictable affect the worm will have on the machines they infect, such as turning heart rate monitors on and off again without warning.
According to IBM, healthcare has become the #1 most attacked industry in 2015, replacing financial services, which was the leader just two years ago. Data held for ransom is incredibly lucrative for cyber criminals. A prime example of how stolen patient data can provide a huge payday comes from the news that a hacker dubbed “thedarkoverlord” is reportedly trying to sell 655,000 patient records on an illegal online data market.
The problem with medical devices is that these kinds of hardware need to be in use for 10-20 years to pay off, but hardly any operating system is supported that long. Many of these devices were built as a static machine back then. Not as a changing or updating OS like that which we have today. If a device was to be continually updated, each update could kill the hardware drivers for the actual device so they are typically not touched or updated at all. The problem here is that once a hacker is in a network (with enough administrative rights) they can basically do anything they want such as stealing patient data and holding it for a large ransom. If these outdated machines must still be used, they have to be kept disconnected from the internet at any price.
Modern equipment comes with modern safety features
The presence of medical devices on healthcare networks creates high vulnerability. These medical devices will make these networks much more susceptible to a successful cyber attack. But, this is not only an issue in the healthcare industry. Attacks on medical devices are a prime example of what can happen if you continue to operate your business or work at home on out-of-date hardware with old software.
What can you do to avoid incidents like this?
Ask questions of your medical professionals. How do they protect client data? It’s unlikely that they will tell you anything but asking the right people might at least get those with the power to change things to start thinking about their vulnerabilities.
Have a great (malware-free) day!
Emsisoft Emergency Kit 11.9 released