Home Featured From Fax Machines to Pacemaker Hacks, Numerous Points of Entry for Cybercrime in Healthcare

From Fax Machines to Pacemaker Hacks, Numerous Points of Entry for Cybercrime in Healthcare

by Margaret Brown

In this news roundup, Future Healthcare Today shares stories about cybercrime in healthcare. According to a report, healthcare is targeted by hackers more than many other industries, so healthcare IT leaders must remain diligent and prepared to protect data and networks against evolving cyber threats. From protecting personal health information (PHI) to protecting pacemakers from hacks and keeping malware away from fax machines, the healthcare industry has numerous fronts to secure against cyber criminals. Read the latest stories here:

The Healthcare Industry is in a World of Cybersecurity Hurt

As a relentless swarm of successful cyber-attacks severely disrupt companies in every industry and require enormous expenditures to repair the damage, what typically gets lost in the shuffle is that some industries are victimized more than others. The corporate victim that almost always grabs this dubious spotlight is the healthcare industry — the second-largest industry in the United States. Hacker meddling of healthcare operations not only costs lots of time, money and operational downtime, but it also can threaten lives. The healthcare industry itself is partly responsible. In aggregate, healthcare organizations on average spend only half as much on cybersecurity as other industries. For this and other reasons, such as the unusually high value of stolen patient records on the black market attracting hackers, hospitals find themselves in a never-ending cyber war zone. In fact, a report showed that in 2017, healthcare saw an average of almost 32,000 intrusion attacks per day per organization compared to ~14,300 per other industries. Read the article here.

Subscribe Today

What Does Digital Transformation Mean For Healthcare Security?

The age of digital transformation in the healthcare field is here and offers better patient care backed by streamlined data and operations. Thanks to the Internet of Things (IoT), Telemedicine, artificial intelligence, and automation, healthcare providers can offer improved patient services at a lower total cost. While these technologies improve patient outcomes and overall cost, they do come with the potential for compliance and security risks. According to IDC Futurescape Worldwide Healthcare IT Predictions, within the next five years, 80 percent of healthcare service interactions will use IoT and analytics to improve the value, timeliness, and quality of patient services. While digital transformation in healthcare has a long list of benefits to patients and providers alike, it also can make the industry more vulnerable to cyber-attacks. It is important that healthcare professionals understand the value of the technology and data they have access to and that they must create strong information security along with it to ensure they don’t fall victim to cyber-attacks. Read the article here.

Black Hat 2018: A Pacemaker Hack That Can Stop The Heart

At the Black Hat 2018 security conference, two researchers revealed a pacemaker hack that makes it possible for attackers to remotely install malicious updates that cause the device to malfunction. The researchers said that they had informed the medical device manufacturer about these vulnerabilities in January 2017. However, the attack methods they found then still work today. The duo demonstrated two hacks that compromised CareLink 2090 programmer – the medical device used by doctors to control pacemakers once they are implanted in a body. The first hack exploits the method in which the programmer receives updates from Medtronic. Apparently, the updates that are delivered to the device aren’t secured by HTTPS connection and firmware isn’t digitally signed. As a result, they were able to forcefully run a malicious update that cannot be discovered easily by doctors. The other hack takes advantage of the vulnerabilities in the servers used by Medtronic inside its internal network to deliver software updates. The duo also presented a hack that worked against a Medtronic-made insulin pump. Read the story here.

Fax Machines Are Still Everywhere, And Wildly Insecure

While it’s tempting to think of fax machines as a relic, fields like healthcare and government still rely on faxes every day. Even your all-in-one printer probably has a fax component. New research shows that vulnerabilities in that very old tech could expose entire corporate networks to attack.

In fact, the surprising ubiquity of fax machines is what inspired Check Point researchers Yaniv Balmas and Eyal Itkin to analyze the tech’s present-day security posture. Vulnerable network printers are a classic target, and the researchers found that they could similarly exploit bugs in faxes to get inside private networks. “Everybody is still using fax, and nobody really looks at it as a valid attack vector. We thought, ‘What if we could exploit a printer just by sending a malicious fax?’ In an all-in-one printer, one side is connected to the phone line while the other side is connected to the network. We showed that if we could take over the device, we could then move into the internal network.” Read the article here.

Want to keep up to date on the latest healthcare IT news? Subscribe today.

You may also like