Monday, March 27, 2017

Cyber attacks against hospitals are not just a thing from the past

A year ago, today...

Technological advances affect every side of our life but undoubtedly one of the most important fields affected is the field of medicine. The emergence of new techniques and surgical tools are making possible the research and evolution of medical techniques, which suppose saving the lives of many people around the world, or at least making those lives last longer. The only problem is that those responsible for hospitals sometimes leave out the issues of cybersecurity, which may be more important than they can imagine.

The computer insecurity in the medical centers was, and still is, an increasingly serious issue and that calls for urgent revision. It was a year ago when there was a wave of ransomware attacks targeting various hospitals in the United States. Those affected were Kentucky Methodist Hospital and California Chinese Valley Medical Center among others. At the Methodist hospital they had to declare an internal emergency while technicians attempted to restore access to encrypted files and e-mail. The ransomware was Locky, one of the newest at the time, which spread all over the internal network and infected multiple systems. Cybercriminals demanded a ransom of 1600€ to unlock the encrypted files, but nowadays it is still not clear whether the hospital finally paid it or not.

But ransomware is not the only threat to hospitals: poorly protected systems that suffer from unauthorized access, poorly built or configured instruments, databases that are not adequately protected... Security experts have recently shown how easy it is to pick a random hospital and attack it. Access to sensitive data could have serious effects, not only by stealing personal data from patients, but it could also affect their health or even put their lives at risk as cybercriminals could manipulate the results of diagnoses and their possible treatments. Such manipulation could result in wrong treatment and worsening of their medical condition. Let's hope that these possible attacks remain just as attempts, and that hospitals take it as a challenge to improve their safety.

But the danger was not only present in hospitals. Without leaving public health grounds, Verizon's latest breach report explained how a group of hackers got into a water company and manipulated water treatment systems. The company, according to the report, had outdated systems plagued with critical vulnerabilities. The entire control infrastructure was based on an IBM AS / 400 system, a system that was used in 1988, which was used by the operator to control each facility device (such as flow and valve control applications). Even more puzzling was the fact that a single employee, or an attacker, could manage the entire utility by accessing IBM's AS / 400 system.

Finally, we remember a piece of news of the CIA and Wikileaks that has much to do with the present. In this case they talked about mobile phone apps that spied on television programs that consumers watch, with the intention of creating profiles for marketing. The US Federal Trade Commission reprimanded a dozen developers about the code they included in their apps and performed this espionage function. The code was set to access the device's microphone to collect audio information even when the application was not in use.

As we have seen, many of the news from last year do not have much variation to those that appear nowadays. Cyber ​​attacks to hospitals and espionage campaigns to private organizations or users were carried out and are still being carried out today. But the good news is that they are 'caught' on time and can be fixed for possible damage, and they serve to reinforce security measures and give cybersecurity the importance it deserves
Imagen :


Post a Comment