How did the hospital become a "broiler" in the eyes of hackers?

Recently, the largest health care organizations in the Washington area --MedStar Health network attacks. Relevant security experts and medical officials believe that this incident indicates that the digitization of medical services and medical treatment will face increasingly serious security threats, and so far the field is not ready to deal with related issues.

For many years, the health care field has been the priority of protecting patient data security, but hacking attacks on multiple US medical institutions, including MedStar, indicate that medical data security still has serious drawbacks: coordination for many relying on electronic systems For medical institutions that care for important health data and avoid medication errors, once a hacker launches an attack, the patient's health is at stake.

With the continual change of science and technology, it has become a habit for medical institutions to pursue innovation, but the reality makes them realize quickly that it is especially important to protect patient data and ensure that institutional systems are protected from hackers. The advent of the digital age poses a major challenge to medical institutions that have traditionally used only a small portion of their budgets for cyber defense: in the process of digital construction, medical institutions can only improve their medical staff's awareness of network security and strengthen their technical systems. Respond to the hacker's endless "fancy attacks."

Why does "digital construction" frequently give medical institutions "black"?

1. The protection mechanism is not perfect

The medical industry is a relatively conservative industry, and its security mechanisms are still not mature enough compared to other industries such as banking and IT. John Halamka, chief information officer at Boston Beth Israel's Deaconess Medical Center, said that financial services companies currently spend about a third of their budget on improving their IT capabilities, while hospitals spend only on the total budget. 2% to 3%.

2. The data involves a huge stake

Hospitals often deploy electronic systems to avoid mistakes, and health care workers need to rely on medical data for time-critical, life-critical work. Without a computer system, the pharmacist could not easily view the patient's test results, query other medications taken by the patient, or figure out what allergies the patient might have before dosing. Nurses who manage drugs are also unable to scan the drug and the patient's wristband as the last check to ensure proper dosing. When the test results are only present in the patient's paper file, busy medical personnel may accidentally cause the test results to be lost.

Daniel Nigrin, chief information officer of Boston Children's Hospital, which was attacked by hacker organization Anonymous in April 2014, said: "The status quo in recent months shows that the medical and health field has quickly become the target of hacking. After the attack, the truth is Shocked – these attacks from hackers not only capture the ability to capture patient data, they can even disrupt the day-to-day operations of the medical system.”

In just a few weeks, many medical institutions in the United States have been hacked, and as the attacks have intensified, hackers have become more embarrassing and embarrassing.

MedStar Medical Group is one of the largest employers in the Baltimore-Washington area, with 10 hospitals and 250 clinics and other medical outlets. After being attacked by hackers, although her spokeswoman, Ms. Ann Nickels, declined to reveal in detail which software attack the hospital had suffered, several employees said they saw the content of “ransomware”: unless the victim used bitcoin Pay a ransom, otherwise the software will make the victim unable to use the system. The Medstars claimed: "There is no indication that the data has left our system and that no patient's privacy has been compromised. In addition, we have not paid any type of ransom." Friday afternoon, MedStar released its latest statement. It is stated that 90% of the functions of the system have been restored.

3. The organization was forced to compromise and encourage hackers to "prestige"

Although the emergence of "blackmail virus" is nothing new in the field of network security, data from network security experts and the FBI show that ransomware is still emerging and threatening many industries. In the nine months of 2014, the FBI received 1,838 complaints about ransomware, which estimated that the victims lost more than $23.7 million. The following year, it received 2,453 complaints and the victims lost $24.1 million. The FBI said it could not tolerate the payment of ransom, but had to admit that many companies often faced difficult choices and even were forced to compromise in the face of such a situation.

Justin Harvey, chief security officer at Fidelis Cyber ​​security, said that the hacker's ransom will make them more bold, so that the key infrastructure in the United States is in jeopardy. “I can't comment on whether the FAA and all grids meet the requirements. But the status quo shows that once the security of such organizations does not meet the requirements, they will face serious problems.”

In the face of high-tech "sunspots", how can the hospital respond?

Craig Williams, security promotion manager for a network security research department, said that considerable profitability is the main reason for the ransomware usage. He said: "The real reason for the malware industry to target ransomware is because ransomware profits outperform other types of criminal activities." Currently, the way hackers invade systems is usually through phishing attacks (convincing unsuspecting employees to click A link or attachment in an email, or a security hole in the network. Williams also said that companies without full-time cybersecurity experts have difficulty solving problems in cybersecurity and it is difficult to keep up with the latest patches. Therefore, it is important to establish a reliable cyber defense mechanism, but it is also critical to improve the vigilance of employees within the organization.

Experts say that the current hacking attacks seem to come from Eastern Europe, but it is difficult to say whether it should be the responsibility of a gang. But what is worrying is that as hacker attacks are gradually getting the attention of the mass media, more imitators may be motivated to use the same method to attack other vulnerable networks.

Currently, detailed information about the specifics of MedStar (including which version of ransomware may be used and how it sneaked into the system) is still under investigation. The FBI spokesperson declined to disclose any details, including the type of ransomware, only to show that the FBI was "aware of the incident and is investigating the nature and scope of the incident."

Nose Health Care

Our mission: To protect the health of ear, throat and nose with medical frontier knowledge and technological innovation.
Our vision: Leader in several niche markets of Otolaryngology.
Our values: Change, Enterprising, Share

Nasal Irrigator, Electric Nasal Irrigator, Manual Nasal Irrigator

Ningbo Jiamai Internet Technology CO., Ltd. , https://www.jmcuhyd.com