{"id":5361,"date":"2016-03-31T16:51:17","date_gmt":"2016-03-31T16:51:17","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5361"},"modified":"2020-04-10T03:33:20","modified_gmt":"2020-04-10T07:33:20","slug":"healthcare-and-cyberscare","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/healthcare-and-cyberscare\/5361\/","title":{"rendered":"Healthcare and cyberscare: study shows how vulnerable hospitals are"},"content":{"rendered":"

Public studies\u00a0aren\u2019t fear-mongering, however some cybersecurity-related news may make one feel uneasy. That\u2019s the case with the Kaspersky Lab\u2019s Global Research & Analysis Team (GReAT) field study of the security of hospitals\u2019 IT systems<\/a>. As one may have already guessed, the situation there is, let\u2019s say, not good.<\/p>\n

The reason for this research is practical. As GReAT\u2019s Sergey Lozhkin writes in his report at Securelist, the year 2016 started with a number of security incidents related to hacks of hospitals and medical equipment.<\/p>\n

\u201cThey include a ransomware attack on a Los Angeles hospital, the same in two German hospitals, a case of researchers hacking a patient monitor and drug dispense system, an attack on a Melbourne hospital and so on \u2013 in just two months of 2016! This should be a real concern for the security industry.\u201d<\/p>\n

Indeed.<\/p>\n

One could expect as much<\/strong><\/p>\n

Unfortunately, it is not a surprising development. Hospitals are very attractive targets for cybercriminals: lots of data, including the patients\u2019 personal information; also lots of internet-connected devices, including specialized medical equipment, not just PCs and staff\u2019s and patients\u2019 handhelds.<\/p>\n

Mr. Lozhkin\u2019s research proved that attackers can gain full access to the entire medical infrastructure.<\/p>\n

\"Modern-hospital-infrastructure_fnl\"<\/p>\n

\u201cImagine a scenario \u2013 one that could be called a truly \u201ctargeted attack\u201d \u2013 whereby cybercriminals with full access to the medical infrastructure at a specific facility can manipulate the results of diagnosis or treatment systems. Because doctors in some cases will depend heavily on these sophisticated medical systems, such manipulation could result in the wrong treatment being given to a patient, worsening his or her medical condition.\u201d<\/p>\n

If it sounds like a scenario from some \u2018Mission Impossible\u2019 movie, i.e. unrealistic, we have to state regretfully that it is actually very realistic.<\/p>\n

And at the recent Kaspersky Security Analysts Summit Sergey Lozhkin presented his research showing how easy it was to find a hospital, get access to its internal networks, and gain control of an MRI device \u2013 locating personal data about patients and their treatment procedures, and then getting access to the MRI device file system.<\/p>\n

\u201cThe problem is not only one of weak protection of medical equipment, it has a much wider scope \u2013 the whole IT infrastructure of modern hospitals is not properly organized and protected, and the problem persists worldwide\u201d, Lozhkin says.<\/p>\n

His report for Securelist is available here<\/a>.<\/p>\n

Below is 10-minute video interview with Mr. Lozhkin regarding his presentation at the SAS 2016.<\/p>\n