Economic gain is the fuel that motivates cyber-criminals. There are thousands of credit cards stolen, infected computers and POS terminals, and kidnapped information that cyber-criminals use in order to make large sums of money. These victims are in the line of fire, and are willing to pay these ransoms in order to get their private information back.
Recently, we have seen particular cases of large scale attacks that are designed specifically for industries, like the hotel sector or certain financial institutions, but can you imagine what would happen if a hospital fell into the hands of a cyber-criminal? PandaLabs, Panda Security’s anti-malware laboratory, presents a new whitepaper, “The Cyber-Pandemic”, with examples of real threats that seem science fictional but can affect us all.
A History of Attacks
The healthcare industry is very technologically advanced but it also has huge security flaws, making it an easy target for cyber-criminals. If we add this to the immense amount of highly sensitive information that is managed by hospitals, pharmacies and health insurance providers, plus the high price that it could be sold for on the black market where a medical history is much more valuable than a credit card, we are able to understand how this was the most attacked industry last year.
A Timeline of the Most Notorious Attacks
2008: The University of Utah Hospital and Clinics announced that the private information belonging to 2.2 million of their patients was compromised. The information was stored on backup tapes belonging to an external employee that was subcontracted, who failed to comply with the established protocols.
2015: One of the most infamous attacks that was aimed at the second largest Insurance company in the United States, Anthem. In this attack 80 million customer records was stolen, including sensitive data such as Social Security numbers.
2016: The cyber-attack that hit the Hollywood Presbyterian Medical Center in Los Angeles left their employees without access to patient medical records, emails and other systems. As a result, some patients could not receive treatment and had to be transferred to other hospitals. What was the ransom? 3.7 million dollars.
They Can Hack Our Health
These attacks have demonstrated that these cyber-criminals are capable of shutting down all hospital activity, When we take into account all the medical equipment that is connected to the network, we can imagine how this cyber-pandemic could affect any ordinary person.
In 2013, former U.S. Vice President Dick Cheney revealed that his doctors disabled wireless communication on his pacemaker because they saw that it was highly possible for someone to remotely attack his device if they wanted to. Globally known hackers have demonstrated how it is possible to remotely alter a portable insulin pump that is used by thousands of diabetics or how to remotely manipulate a pacemaker in order to send a life-threatening electric shock.
In a hospital room, everything from the belts that raise your feet to the infusion pump that injects your medicine is connected to a computer. To demonstrate how easy it is to access this equipment, a number of these machines were tested to alter the dose of medicine to lethal levels. This can be done on more than 400,000 of these pumps throughout the world that remain vulnerable.
How Can We Avoid These Attacks?
It is important to take note: paying a ransom does not guarantee that stolen documents or information will be returned. The ransom payment did not secure that the victim got back their documents in any of these examples. It is better to avoid this altogether. Here are some of PandaLab’s recommendations on how you can avoid a cyber-pandemic:
- Depend on a cyber-security solution that has both advanced protection functionalities and is also able to detect and remedy possible threats.
- There is something in common in all of the systems that were targeted in the attacks: a lack of control. What would have helped prevent these attacks is a cyber-security solution that is capable of controlling all running processes, in every machine, connected to the network.
- Revise staff policies and control systems in order to adjust the privacy requirements and adapt them to available technology.
- Keep all operating systems and company devices updated.
To help the Healthcare sector stay ahead of cyber-crime, Adaptive Defense 360 offers complete security to fight off attacks. Adaptive Defense 360 provides everything that your company may need to remedy known vulnerabilities.
Download this whitepaper and learn how to avoid a “Cyber-Pandemic”, here:
Check out our Cyber-Pandemic Infographic