Hackers penetrate the medical field
At the end of this year, a conference on topical issues of cybersecurity in the medical industry was held for the first time in Minsk. This is not an idle question, given the adopted Concept for the Development of Healthcare Informatization for 2016-2022. Smart medicine is slowly but surely coming to us. What should it fear?
“So far, cyber-attacks on our medicine are rare and minor incidents, but attempts have been made,” confirms Vyacheslav Shilo, Deputy Minister of Health. “Today, data for each patient is stored both on paper and in digital format. And for now, unfortunately, this information is scattered. Hospitals, clinics, laboratories: their automated information systems are not connected with each other. Our task is to combine them and establish full interaction. The Ministry of Health is preparing a concept of information security, which will quickly implement the protection of each patient's personal data. This is the primary concern.”
The cost of ensuring cybersecurity is not small, but the cost of a personal data leak is much higher, says Andrei Fomenko, coordinator of the WHO primary care improvement project. Moreover, the export of medical services is growing, and more and more often the data of foreigners protected by the European GDPR ends up in the Belarusian healthcare system. The regulation applies to all companies processing personal data of EU citizens. The penalties for processing violations or leakage of personal information reach tens of millions of euros ...
What does a hacker want?
In other countries, each electronic medical record (in Belarus its introduction is still only planned) contains a lot of data that can be used to access insurance accounts or to obtain prescriptions for controlled medicines. It is also an opportunity to get medical care under someone else's foreign insurance by forging a medical history. And the fraud will not come to light as quickly as it does with a credit card.
“Every day we find more than 340 thousand different new malicious files, about 4 every second,” Kaspersky Lab’s antivirus expert Dmitry Galov outlines the situation. “Now it is a huge industry, a rapidly growing business. We constantly monitor about 200 different hacker groups; more than 20 of them are commercial, attacking ‘on order’. Three years ago, according to our statistics, 30% of devices in medical organizations around the world were attacked by intruders. Today, pharmacological organizations are increasingly being targeted.”
The problem of cybersecurity in medicine first drew wide attention in 2017, when the WannaCry virus paralyzed the work of the largest hospitals in the UK. They told patients: "We cannot serve you because our computers are out of order." All data (medical histories, medical appointments, test results, planned operations) was blocked. At the same time, a Lithuanian plastic surgery clinic was hacked: 25 thousand before-and-after photos of patients from 60 countries were posted on the Internet. Then came the ExPetr epidemic, which spread through the update servers of a tax-reporting program. The Russian Invitro medical laboratory also suffered: its computers did not work for about five days. When people's health is at stake, many organizations choose the lesser of two evils and pay the blackmailers to restore data and return the system to working condition.
“The idea of ransomware viruses is to block critical information and demand a ransom for it,” explains Vitaly Spesivtsev, PhD (Eng.), leading system analyst at "Bel In Soft". “However, later viruses appeared that did not even provide for the possibility of unlocking. The attacker demanded a ransom in digital currency through an anonymous payment system, and after receiving the required amount disappeared. It is simpler and cheaper. The situation was aggravated by the fact that many victims of the ransomware virus did not back up their data. Medical institutions, as a rule, have substantially lower cybersecurity budgets and less qualified personnel providing it (if any). Medical structures often use outdated information systems that do not support the required level of protection. And the need for quick access to data in emergency situations often prevails over the need to ensure its cybersecurity ...”
Internet of vulnerable things
Another sensitive area is medical equipment, especially implantable equipment, which has externally exposed network interfaces. Hackers have more and more opportunities to take control of such equipment, which is literally deadly. I recall the story of former US Vice President Dick Cheney, who lived for several years with a pacemaker controlled by radio, and then, together with his doctor, decided to abandon this option to prevent attempts on his life. The wireless interfaces in medical devices (Wi-Fi, Bluetooth, NFC) are the “loopholes” through which hackers can remotely cause them to malfunction. The same applies to insulin pumps and to neural implants used to control or regulate brain activity. The attending physician sets the operating mode of such devices using special programs on a smartphone or tablet. This means that attackers can also influence them if cybersecurity principles are not built in.
“Last year, in the USA, at the annual CyberMed conference, one expert, a diabetic, demonstrated the weakness of implantable and wearable devices during his speech: he hacked his own device, which injects insulin, provoking errors in its operation,” says Vitaly Spesivtsev. “The fact is that the manufacturer, first of all, thinks about the main functionality of the device, its effectiveness, convenience and dimensions, and not about protection against intruders. Although any transmitted data is subject to mandatory encryption. And this requires additional computing resources that directly affect the overall characteristics. And here is the choice: either a large and protected product or a miniature and defenseless one. For us this problem is not yet so acute, because the medical Internet of things is still poorly developed. We keep information in paper form and communicate face-to-face with doctors. And this, obviously, has its advantages. There is an opportunity to learn from the mistakes of others.”