Wednesday, December 28, 2016

Better safe than sorry

The report of the week

Stuck in the last stages of the year, the cold has arrived and so the regrets, colds and flu to the cities.
For that reason, before our health turned weaker we will always need to have a good coat, hat, gloves... and of course, a good acetaminophen just in case. And if something teaches us medical advances is that, it's better to prepare for the worse than suffering and get sick.

However, the US medical industry could take their own advice, talking about cybersecurity, since a recent study by Trap X Labs reveals that in 2016 US health institutions have suffered 93 major attacks, 63% more than last year.

In order to contextualize this data, in 2014, only 9.77% of the major attacks on databases were targeted at health institutions, increasing to 21.11% in 2015. Currently, 31.42% of Attacks against databases goes to this kind of organisms. The growth consequences about these such attacks are becoming a serious threat, not only against the privacy of patient’s data, but also for their own physical integrity.

All of this happen because cybercriminals have found a goldmine in the so-called medjack. These kind of attacks create back doors in security systems sticking inside the medical devices of the hospitals. Its main access routes are in diagnostic equipment, scanners, or resonance machines among others. When the cybercriminal get access, they moves sideways to get the valued databases with all the information.

However, the report adds that cybercriminals are improving  and getting into the vulnerable defenses of these institutions with new techniques even if the ransomware is quite old. Another of the most recurring tactics this year has been extortion through ransomware. In 2016 more than 2,000 variants of ransomware have been detected, because it is easier to manufacture and use it than other types of attacks.

In order to obtain this type of attacks against these institutions, Trap X recommends in its report to review budgets and initiatives in cyber-defense, implementing at the levels of organization new technologies that allow to identify attackers who have already penetrated their defenses. In addition, they apply for these organizations to incorporate strategies that review and solve the latest problems with medical equipment, limiting the access to these devices.

After reading this report, the phrase "better safe than sorry" becomes an absolute truth. Looking back, we find that criminals have left America's health care institutions needing cybersecurity. Of course, we hope that after a full year of attacks, the industry takes note and not falling into the same trap twice.

Image source:


Post a Comment