Cyber Extortion Schemes Undermining Patient Care
In some cases, a hacker can freeze a health organization’s entire computer system, preventing doctors from reviewing patient records and performing procedures. Medical records can also be held hostage, with a hacker promising to sell them if payment isn’t received. For example, Hancock Regional Hospital in Greenfield, Ind., was targeted by hackers in early January and ended up paying $50,000 to recover use of its computer systems.
Tennessee Hospital Hit with Cryptocurrency Mining Malware
On November 27, 2017, the hospital received a security incident report from its EMR system vendor, which said unauthorized software, designed to mine cryptocurrency, had been installed on the server supported by the vendor. An ongoing investigation has indicated an unauthorized attacker accessed the server with the EMR system and injected the software. The hospital’s EMR server contained data including patient names, addresses, birthdates, and social security numbers, as well as diagnosis and treatment data.
Increasing Hacker Threats to the Healthcare Industry
According to a recent report from cybersecurity firm Norton, hackers stole a total of £130 billion from consumers in 2017. These attacks hit over 978 million victims around the world and include large scale attacks on the NHS like WannaCry. However, surprisingly, still more than a quarter of those compromised believe they are safe from future attacks. Norton warns cybercrime victims that they’re not doing enough to protect themselves against these types of attacks and that attacks of this nature are only set to increase as new threat vectors are sought in 2018.
Poor Patching, User Education Leave Healthcare Providers Sitting Ducks for Cyber Attacks
Despite the masses of highly sensitive data that healthcare companies manage, new analysis has warned that chronically poor endpoint security, weak patching practices and high exposure to social engineering make the industry one of the worst-performing sectors when it comes to protecting data. […] The firm’s analysis, contained in its 2018 Healthcare Cybersecurity Report, ranked healthcare 15 out of 18 industries in terms of overall information security practices.
New Cybersecurity Measures to Protect Medical Imaging Devices Required, Warn Researchers
“CTs and MRI systems are not well designed to thwart attacks,” says Dr. Nissim, who simulates MID cyberattacks together with his MSc student Tom Mahler. “The MID development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable.”
Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing Here.
Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.