Kaspersky Lab's Global Research and Analysis Team conducted field research in a private clinic with the intention of exploring its security weaknesses and how to resolve them. Vulnerabilities were found in medical devices that opened a door for cybercriminals to access patients' personal data, as well as their physical well-being.
A modern clinic is a complicated system. It has sophisticated medical devices that are fully functional computers with an operating system and installed applications. Doctors rely on computers, and all information is stored in digital format. In addition, all healthcare technologies are connected to the Internet. It is therefore no surprise that both medical devices and hospital IT infrastructure have previously been targeted by hackers. The most recent examples of such incidents are ransomware attacks against hospitals in the US and Canada. However, a massive malicious attack is just one way in which criminals might take advantage of the infrastructure of a modern hospital.
Clinics store personal information about their patients. They also possess and use very expensive equipment that is difficult to fix and replace, which makes them a potentially valuable target for extortion and data theft.
The result of a successful cyber attack against a medical organization may differ in some detail, but it is always dangerous. It could involve the following:
- the criminal use of patients' personal data: reselling information to third parties or demanding that the clinic pay a ransom to recover sensitive patient information;
- the deliberate falsification of patient results or diagnoses;
- damage to medical equipment, which can cause both physical injury to patients and huge financial losses to a clinic;
- negative impact on the reputation of a clinic.
Exposure to the Internet
The first thing the Kaspersky Lab expert decided to explore in this research was how many medical devices around the world are connected to the Internet today. Modern medical devices are fully functional computers with an operating system, and most of them have a communication channel to the Internet. By hacking them, criminals could interfere with their functionality.
A look at Shodan, the search engine for Internet-connected devices, showed that hundreds of devices, from MRI scanners to cardiology equipment, radioactive medical equipment and other related devices, are registered there. This discovery leads to worrying conclusions: some of these devices still run older operating systems such as Windows XP, with unpatched vulnerabilities, and some even use default passwords that can easily be found in publicly accessible manuals.
Using these vulnerabilities, criminals could access a device's interface and potentially affect the way it works.
Inside the clinic's local network
The above scenario was one of the ways in which cybercriminals could access the clinic's critical infrastructure. But the most obvious and logical way is to try to attack its local network. During the investigation, a vulnerability in the clinic's Wi-Fi was discovered. It was possible to enter the local network through a very weak communications protocol.
When scanning the clinic's local network, the Kaspersky Lab expert found some medical equipment that had previously been found on Shodan. This time, however, no password was needed to access the equipment, because the local network was a trusted network for medical equipment applications and users. This is one way in which an attacker can access a medical device.
Continuing to explore the network, the Kaspersky Lab expert discovered a new vulnerability in a medical device application. A shell was implemented in the user interface that could give cybercriminals access to patients' personal information, including their medical records and information about medical tests, as well as their addresses and identification data. Moreover, through this vulnerability the entire device controlled by this application could be compromised. For example, these devices could include MRI scanners, cardiology equipment, and radioactive and surgical equipment. First, criminals could alter the way the device works and cause bodily harm to patients. Second, criminals could damage the device itself at a huge cost to the hospital.
“Clinics are no longer just doctors and medical equipment, but also IT services. The work of a clinic's internal security services affects the security of patient data and the functionality of its devices. Medical software and equipment engineers put a lot of effort into creating a useful medical device that will save and protect human life, but sometimes they completely forget to protect it against unauthorized external access. When it comes to new technologies, security issues must be addressed in the first stage of research and development. IT security companies could help at this stage to address security issues,” says Sergey Lozhkin, Senior Researcher at Kaspersky Lab.
The experts at Kaspersky Lab recommend implementing the following measures to protect the clinics against unauthorized access:
- Use secure passwords to protect all external connection points;
- Update IT security policies, and carry out vulnerability assessments and timely patch management;
- Protect medical equipment applications in the local network with passwords in case of unauthorized access to the trusted area;
- Protect infrastructure against threats such as malware and hacker attacks with a reliable security solution;
- Make regular backups of critical information and keep a backup copy offline.
For more information about threats in the healthcare industry, please read the blog available on Securelist.
Press Release
Source : Kaspersky Lab