Welcome to Smokey's Security Forums.
As a guest you only have limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

New Locky Ransomware Takes Another Turn

A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.

New Locky Ransomware Takes Another Turn

Malware Log Analysis & Removal Help * Ransomware Encryption & Decrytion Techniques * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on RedditShare this topic on TwitterAuthorTopic: Threat Predictions for Connected Health in 2018  (Read 10 times)

0 Members and 1 Guest are viewing this topic.

ScarlettTopic starter

  • Updates Moderator
  • *
  • Offline Offline
  • location: Cymru
  • Posts: 22470
Threat Predictions for Connected Health in 2018
« Reply #1 on: November 15, 2017, 11:16:43 AM »
Threat Predictions for Connected Health in 2018
15 November 2017, 11:02 am



The landscape in 2017

In 2017, Kaspersky Lab research revealed the extent to which medical information and patient data stored within the connected healthcare infrastructure is left unprotected and accessible online for any motivated cybercriminal to discover. For example, we found open access to around 1,500 devices used to process patient images. In addition, we found that a significant amount of connected medical software and web applications contains vulnerabilities for which published exploits exist.

This risk is heightened because cyber-villains increasingly understand the value of health information, its ready availability, and the willingness of medical facilities to pay to get it back.

What can we expect in 2018?

The threats to healthcare will increase as ever more connected devices and vulnerable web applications are deployed by healthcare facilities. Connected healthcare is driven by a number of factors, including a need for resource and cost efficiency; a growing requirement for remote, home-based care for chronic conditions like diabetes and ageing populations; consumer desire for a healthy lifestyle; and a recognition that data-sharing and patient monitoring between organizations can significantly enhance the quality and effectiveness of medical care.

The threats facing these trends over the coming 12 months include the following:

Attacks targeting medical equipment with the aim of extortion, malicious disruption or worse, will rise. The volume of specialist medical equipment connected to computer networks is increasing.  Many such networks are private, but one external Internet connection can be enough for attackers to breach and spread their malware through the ‘closed’ network. Targeting equipment can disrupt care and prove fatal – so the likelihood of the medical facility paying up is very high.

There will also be a rise in the number of targeted attacks focused on stealing data.  The amount of medical information and patient data held and processed by connected healthcare systems grows daily. Such data is immensely valuable on the black market and can also be used for blackmail and extortion. It’s not just other criminals who could be interested: the victim’s employer or insurance company might want to know as it could impact premiums or even job security.

There will be more incidents related to ransomware attacks against healthcare facilities. These will involve data encryption as well as device blocking: connected medical equipment is often expensive and sometimes life-critical, which makes them a prime target for attack and extortion.

The concept of a clearly-defined corporate perimeter will continue to ‘erode’ in medical institutions, as ever more workstations, servers, mobile devices and equipment go online. This will give criminals more opportunities to gain access to medical information and networks. Keeping defenses and endpoints secure will be a growing challenge for healthcare security teams as every new device will open up a new entry point into the corporate infrastructure.

Sensitive and confidential data transmitted between connected ‘wearables’, including implants, and healthcare professionals will be a growing target for attack as the use of such devices in medical diagnosis, treatment and preventative care continues to increase.  Pacemakers and insulin pumps are prime examples.

National and regional healthcare information systems that share unencrypted or otherwise insecure patient data between local practitioners, hospitals, clinics and other facilities will be a growing target for attackers looking to intercept data beyond the protection of corporate firewalls. The same applies to data shared between medical facilities and health insurance companies.

The growing use by consumers of connected health and fitness gadgets will offer attackers access to a vast volume of personal data that is generally minimally protected. The popularity of health-conscious, connected lifestyles means that fitness bracelets, trackers, smart watches, etc. will carry and transmit ever larger quantities of personal data with only basic security – and cybercriminals won’t hesitate to exploit this.

Disruptive attacks – whether in the form of denial of service attacks or through ‘ransomware’ that simply destroys data (such as WannaCry) – are a growing threat to increasingly digital health care facilities. The ever increasing number of work stations, electronic records management and digital business processes that underpin any modern organization broadens the attack surface for cybercriminals.  In healthcare, they take on an extra urgency, as any disruption can in real terms become a matter of life or death.

Last, but not least,  emerging technologies such as connected artificial limbs, implants for smart physiological enhancements, embedded augmented reality etc. designed both to address disabilities and create better, stronger, fitter human beings  – will offer innovative attackers new opportunities for malicious action and harm unless they have security integrated from the very first moment of design.



Source: Securelist - Information about Viruses, Hackers and Spam

>> To obtain the full Kaspersky Lab Securelist article, click the link in the first post line <<
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by Meg&Millie - Emma aka Tinker

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

    

  

Smokey's also provides free fully qualified FRST (Farbar Recovery Scan Tool) Log / Malware Analysis & Removal Help and System Health Checks
rifle
rifle
rifle
rifle