magazine
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Healthcare:<br />
new cyber risks<br />
From doctors using smartphones at work to connected<br />
devices with password vulnerabilities, there are<br />
numerous cyber risks facing the health industry<br />
Heart defibrillators ‘face cyber attack’<br />
In 2013, the risks of “connected”<br />
healthcare devices were shown off<br />
starkly in America: 300 gadgets –<br />
including heart defibrillators and patient<br />
monitors – had dangerous password<br />
vulnerability that could have been<br />
exploited by cyber attackers, according<br />
to the Food & Drug Administration (FDA).<br />
“The vulnerability could be exploited to<br />
potentially change critical settings and/<br />
or modify device firmware,” it warned.<br />
Cyber war ‘inside the human body’<br />
Europol’s European Cybercrime<br />
Center and the International Cyber<br />
Security Protection Alliance claim that<br />
medical implants could be targeted<br />
by cybercriminals – and that even<br />
augmented-reality devices used by<br />
patients could be vulnerable, with<br />
attacks built to create hallucinations.<br />
Should we be ‘appy’ when doctors<br />
bring their own?<br />
Most hospitals now permit clinicians<br />
to BYOD – bring your own device –<br />
to the workplace. PwC’s Top Health<br />
Industry Issues 2013 report said that<br />
85% of hospitals allow this. Just last<br />
August, the United States Computer<br />
Emergency Readiness Team released<br />
a statement saying it was aware<br />
of a breach of ‘sensitive patient<br />
identification information’ affecting<br />
some 4.5 million patients.<br />
Medical data – is it secure enough?<br />
The Identity Theft Resources Center<br />
claims that the medical industry<br />
accounted for 43% of all data breaches<br />
in 2014. ESET senior researcher Stephen<br />
Cobb says, “Healthcare has seen rapid<br />
growth in the use of digital systems.<br />
But despite a regimen of rules aimed at<br />
safeguarding the privacy and security<br />
of patient data, in the US the sector is<br />
currently rife with security breaches.”<br />
Medical phishing: a new frontier<br />
Cybercriminals have become smarter<br />
at impersonating banks, but new<br />
phishing campaigns use cancer scares<br />
to target victims. Emails purporting<br />
to be blood-test results go on to<br />
infect computers when opened. In<br />
one campaign in Britain, the National<br />
Institute for Health and Care Excellence<br />
(NICE) said, “ We’re aware a spam email<br />
is being sent regarding cancer-test<br />
results. This email is not from NICE.<br />
If you have received the email, do not<br />
open the attachments.”<br />
Leaks can damage your health<br />
Security issues that lead to information<br />
about medical conditions leaking can<br />
cause serious financial and emotional<br />
harm – and researchers have found<br />
that even “secure” browsing may not be<br />
private. They revealed a technique for<br />
identifying individual Web pages visited<br />
“securely,” with up to 89% accuracy,<br />
exposing data such as health and<br />
financial details and sexual orientation.<br />
Images © Rex Features<br />
10 welivesecurity.com