Health care organizations under siege from cyberattacks, study says

February 21, 2014

Add this to the list of reasons for consumers to fret over privacy: Health care organizations of all kinds are being routinely attacked and compromised by increasingly sophisticated cyberattacks.

A new study set to be officially released Wednesday found that networks and Internet-connected devices in places such as hospitals, insurance companies and are under siege and in many cases have been infiltrated without their knowledge.

The study was conducted by Norse Corp., a Silicon Valley cybersecurity firm, and the SANS Institute, a security research institute. In the report, the groups found from September 2012 to October 2013 that 375 in the U.S. had been compromised, and in many cases are still compromised because they have not yet detected the attacks.

In addition to getting access to patient files and information, the attackers managed to infiltrate devices such as radiology imaging software, conferencing systems, printers, firewalls, Web cameras and mail servers.

"What's concerning to us is the sheer lack of basic blocking and tackling within these organizations," said Sam Glines, chief executive of Norse. "Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything."

"A decent percentage of these firms could have been eliminated from the data set if basic network and security protocol had been followed," he added.

The surge in attacks comes as hospitals and doctors across the country are using more and more medical devices that are connected to the Internet in some fashion. It's part of the broader trend known as the "Internet of Things," in which devices increasingly are being fitted with sensors and Internet connections.

In addition, more is being placed online, in part through the growing network of federal and state health insurance exchanges.

"The pace at which technology has allowed our devices to be connected for ease of use has allowed for a larger attack surface," Glines said. "More vigilance is required."

But as the report found, there are often not enough security measures taken to protect these connected devices.

As a result, patient information and privacy can be compromised.

But another troubling aspect is that once attackers gain access to these devices, they can use them to launch attacks on other devices.

Indeed, the report tracked the origin of some of the malicious traffic coming out of medical sites that had been hacked: "The findings of this study indicate that 7 percent of traffic was coming from radiology imaging software, another 7 percent of malicious traffic originated from video conferencing systems, and another 3 percent came from digital video systems that are most likely used for consults and remote procedures."

In following the trails of this malicious traffic, Norse found detailed information about the layouts of hospitals and specifications of various pieces of life-saving equipment.

Glines said the vulnerability can be addressed in many cases. But still, he's worried that may not move quickly enough.

"It's going to accelerate as we have more and more connected devices," Glines said. "With more health care information coming online, it becomes more valuable and therefore a richer target. We expect to see an uptick of breaches related to . It's sort of a perfect storm."

Explore further: Cyberattack traced to hacked refrigerator, researchers report

Related Stories

AT&T, IBM in big data tie-up

February 18, 2014

AT&T and IBM announced plans Tuesday to join forces to help cities, utilities and others use big data analytics to better manage their infrastructure.

Surge in mobile network infections in 2013, says report

January 29, 2014

Alcatel-Lucent today released new data showing that security threats to mobile devices continues its rapid rise, infecting at any time more than 11.6 million devices and putting their owners at increased risk for stolen personal ...

Recommended for you

New method analyzes corn kernel characteristics

November 17, 2017

An ear of corn averages about 800 kernels. A traditional field method to estimate the number of kernels on the ear is to manually count the number of rows and multiply by the number of kernels in one length of the ear. With ...

Optically tunable microwave antennas for 5G applications

November 16, 2017

Multiband tunable antennas are a critical part of many communication and radar systems. New research by engineers at the University of Bristol has shown significant advances in antennas by using optically induced plasmas ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Feb 21, 2014
Oh, dear, just as UK's NHS wants to centralise medical records...

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.