Published on 01 Apr 2019

Updated on 08 Oct 2019

CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.


Healthcare providers are going digital, with patient records increasingly being stored electronically. They are also adopting medical Internet of Things (IoT) devices to improve operational efficiency and enhance the patient care experience. These developments are increasing the vulnerability of the healthcare sector, which is a high-value target for hackers.


Healthcare data, which include personal details and medical histories, are generally valuable to hackers as such information can subsequently be traded online, such as on the dark web. Beyond data theft, cyber-attacks on healthcare providers can also potentially endanger lives, such as when data is manipulated to give the wrong drug prescriptions, or when devices are reconfigured remotely by hackers. With more new systems, including IoT, being introduced to the healthcare network, cybersecurity is therefore essential for preventing and detecting any unauthorised access to the systems.

Singapore’s healthcare sector will continue to embrace technology as part of solutions to address challenges ranging from hospitals operating at near-full capacity with manpower constraints to rising demands for healthcare from a rapidly ageing population. The future Woodlands Health Campus, expected to open in 2022, will depend heavily on smart technology, such as telehealth, robotics and artificial intelligence, to improve patient care against the backdrop of a shrinking workforce. Given such cyber threats, cybersecurity will need to be part of the systems’ design from the outset, before they are deployed within the healthcare network.



The International Association of Athletics Federations (IAAF) confirmed in April 2017 that it had been hacked by the Russian hacking group “Fancy Bear” (also known as “APT 28”) in February 2017. The group compromised the servers belonging to the world governing body for athletics, and has likely made off with athletes' medical data. Data on Therapeutic Use Exemption (TUE) applications were targeted. TUEs allow athletes to take normally-prohibited substances when they are required.

The group, believed to be sponsored by Russia’s main intelligence arm, claimed responsibility for leaking Olympic athletes' confidential medical files following an attack against the World Anti-Doping Agency last year and has been linked to interference with the U.S. Presidential Election in 2016.



The Cybersecurity Responsibility Act, introduced in the US House of Representatives in March 2017, would require the Federal Communications Commission to adopt rules on cybersecurity protections for communications networks. It defines those networks as “for the provision of… radio or television broadcasting, cable service, direct broadcast satellite service, or any other communications service”. The Bill would next have to be approved by the Senate before it becomes law.

According to the FBI, attackers have targeted vulnerable FTP servers of healthcare facilities so as to gain access to personal data and sensitive health information and use them to intimidate, blackmail and harass business owners. The FBI recommends that all healthcare organisations check if their FTP network servers are running in anonymous mode. If they require the servers to run anonymously, sensitive data should not be stored on that system.
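The check the FBI recommends, sketched for one common server as an added example that is not part of the original bulletin: it assumes the FTP daemon is vsftpd (the bulletin names no product) and reads the text of a `vsftpd.conf` to report whether anonymous logins are accepted and whether anonymous users can write. The function names and the sample configurations are constructed for illustration.

```python
# Added example: audit a vsftpd.conf for anonymous FTP exposure.
# Assumption: the FTP daemon is vsftpd (the bulletin names no product).

# vsftpd's documented defaults for the options checked here.
DEFAULTS = {
    "anonymous_enable": "YES",  # anonymous logins are on unless turned off
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
ANON_WRITE_OPTIONS = ("anon_upload_enable", "anon_mkdir_write_enable",
                      "anon_other_write_enable")

def effective_settings(conf_text):
    """Overlay option=value lines from the file on the defaults."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Values are upper-cased because only YES/NO options are inspected.
        settings[key.strip()] = value.strip().upper()
    return settings

def audit_anonymous_ftp(conf_text):
    """Return findings; an empty list means anonymous mode is disabled."""
    s = effective_settings(conf_text)
    if s["anonymous_enable"] != "YES":
        return []
    findings = ["anonymous logins accepted: keep sensitive data off this host"]
    writable = [o for o in ANON_WRITE_OPTIONS if s[o] == "YES"]
    if s["write_enable"] == "YES" and writable:
        findings.append("anonymous users can write: " + ", ".join(writable))
    return findings

# Constructed sample configurations, not taken from any real server.
WEAK_CONF = "listen=YES\nanonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
HARDENED_CONF = "# anonymous access off\nanonymous_enable=NO\nlocal_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_anonymous_ftp(conf) or "no anonymous access")
```

A file that never sets `anonymous_enable` is still flagged, because the audit falls back to the daemon's default rather than treating a missing line as "off".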


For the past year, various warnings have been sounded that medical devices that are connected to the Internet for remote monitoring are at risk of cyber-attacks. In January 2017, the China Food and Drug Administration (CFDA) took a step further to address the threats by issuing guidelines for the use of medical devices, as part of the roll-out of China’s new Cybersecurity Law. From January 2018, Chinese medical device manufacturers will be required to register their networked medical devices with CFDA and pass a security assessment.

As a major market, China’s plans should prompt medical device manufacturers to ensure their compliance with the law. China’s guidelines may also be instructive for other countries that are looking to enhance cybersecurity in their respective healthcare sectors.

Perhaps a note to self: verify before sharing or forwarding news alerts, especially those that are potentially alarming.



Electronic health records (EHR) are a lucrative business for cybercriminals. A report recently published by Trend Micro TrendLabs states that a complete EHR database could be sold for as much as US$500,000 in the cybercriminal underground.

Cybercriminals are always on the lookout for new profitable revenue streams. Data-rich EHR systems, if not fully secured, present a huge opportunity for cybercriminals to conduct fraudulent activities, which include committing tax fraud and selling fake birth certificates based on data stolen from medical records.



In December 2016, hospital systems in England were taken offline and 2,800 patient operations were cancelled at multiple hospitals after ransomware compromised the National Health Service (NHS) network over four days. The NHS made the decision to shut down the majority of the systems to contain the virus and divert major trauma cases to neighbouring hospitals.

The incident took place after the U.S. and Canada issued a joint cyber alert in March 2016, warning hospitals and other organisations about a surge in extortion attacks that infect computers with ransomware. Hospital systems like the NHS store highly sensitive patient information, making them appealing targets to hackers.


SOURCES INCLUDE: Forbes, Healthcare IT News, Baker McKenzie, Security Affairs and ZDNet