Have any question?

Text or Call (954) 573-1300

Blog

LSeven Solutions Blog

LSeven Solutions has been serving the Fort Lauderdale area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

100 Million Compromised Medical Records Shakes Patient Confidence

100 Million Compromised Medical Records Shakes Patient Confidence

Online threats against healthcare organizations are currently one of the biggest cybersecurity issues. A reported 100-million-plus total medical records have been compromised, according to IBM’s 2016 Cyber Security Intelligence Index. How could a hacker profit off of accessing someone’s medical records? Simply put: ransomware.

The use of ransomware shows enough evidence of a hacker being hard-hearted on its own, but healthcare ransomware suggests an entirely different level of depravity. Hospitals that have been struck by ransomware attacks have found themselves unable to access critical patient records, leaving the administration with little choice but to pay the ransom in order to protect their patients.

Of course, medical records contain other bits of information that hackers would certainly be able to find some nefarious use for. Financial details, home addresses, and social security numbers are all often present within these records, handing the cyber criminal a blueprint to steal your identity.

One particular hacker with the handle “TheDarkOverlord” recently put over 650,000 patient records up for sale on the dark web. TheDarkOverlord was able to obtain these records by taking advantage of some vulnerability in a particular implementation method of remote desktop protocols, before accessing the databases containing the medical records. Rather than posting them for sale immediately, TheDarkOverlord offered each of the affected companies information as to the nature of the vulnerability. Naturally, the hacker demanded money for the vulnerability.

It was only when each of the three companies (one located in Farmington, Missouri, one in Georgia, and one somewhere in the Central/Midwest region) refused to pay, that TheDarkOverlord put the databases up for sale on a dark web marketplace. The Georgia haul has apparently already brought the hacker some money; a buyer purchased all of the insurance records for patients covered by BlueCross/BlueShield from the organization located in Georgia. In a markedly ominous statement, TheDarkOverlord had a message to deliver to these companies:

“Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.”

Additionally, there have been hacking intrusions into the hospital networks themselves, allowing the hackers to not only steal the medical and financial records hospitals keep on their patients, but also to interfere with the medical devices that sustain many patients. As a result, these attacking criminals are capable of potentially turning off or altering the settings of devices that are being used to keep patients alive, be they full life-support systems or intravenous medication dispensers.

For doctors and hospital administrators, the consequences of these circumstances must be terrifying to consider: after all, they are stuck paying a ransom to avoid facing a malpractice lawsuit.

However, when all of the factors that make healthcare organizations such valuable targets are considered, the lack of preparedness for these attacks that the overwhelming majority of organizations have is astounding. Some of this lack of preparation is almost understandable; after all, hospitals may not have the capability to fully back up all of the data that is produced every day, making it a relatively frightening concept. What’s worse is that 25 percent of those polled have no means of determining whether or not they had been a potential victim of a ransomware attack.

So how can hospital systems (or any industry’s systems, for that matter) be better defended against such attacks? As a high-value target, a healthcare system will almost certainly be targeted eventually. This is especially probable considering that most small businesses will be attacked as well. Therefore, it is in the best interest of any organization to implement a solid plan to defend against these consequences.

  • Establish an isolated backup solution: Whenever there is critical data involved in the day-to-day operation, a backup solution is something that is absolutely necessary for the organization’s safety and security. In the case of a healthcare organization losing their files to some nefarious intruder, a backup will allow them to continue their operations without putting the health and safety of the patients at risk. However, for this backup to be truly effective, it must be isolated from the original system; otherwise, the hacker will likely be able to access the backup as well. As an added advantage, this separation also protects the data against disasters, such as fires, floods, or user error.
  • Implement a reliable defense strategy: Considering that most external attacks take advantage of system vulnerabilities, this facet is intended to remove the vulnerabilities from your system. As vulnerabilities come in different varieties, your strategy will need to be multifaceted to cover all bases. Install and maintain reliable antivirus and malware blockers, and educate yourself and your users on industry best practices for data security.

Has your IT shown symptoms of security vulnerabilities? To fill your prescription for best practice guidelines, be sure to visit L7 Solutions’s blog regularly.

Can the Government Really Stop People From Sharing...
Tip of the Week: 4 Ways to Get Rest and Avoid Burn...
 

Comments

No comments made yet. Be the first to submit a comment
<br />
<b>Warning</b>:  Attempt to read property /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 20
Guest"/>
Already Registered? Login Here
Thursday, 21 November 2024

Warning: Undefined variable $registration in /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 57

Warning: Undefined variable $registration in /home/l7solutions/public_html/templates/ati/html/com_easyblog/comments/form.php on line 91

Captcha Image

Customer Login

Customer Feedback

News & Updates

If you feel like you have too many browser tabs open at any given time, then you'll be happy to know that you can sometimes save certain browser tabs as a standalone application on your device. This will give them their own icon and make accessing th...

Contact Us

Learn more about what L7 Solutions can do for your business.

L7 Solutions
7890 Peters Road Building G102,
Plantation, Florida 33324