To be updated.
Wannacry Aftermath: Number of attacked medical devices declines globally, but not in some Asia Pacific countries
Human-factor remains healthcare security’s biggest loophole, says Kaspersky
By EDD K. USMAN, SDN, Twitter @edd1819, Instagram @bluestar0910, Facebook: SDN — Science, Digital & Current Newss
YANGON, Myanmar (SDN), September 5 — CYBER bad guys have made the Philippines one of the world’s most targeted countries in 2018.
Web attacks staged by denizens of the underworld of cyber space have elevated the country to second place at 76 percent concerning the healthcare sector.
The Philippines is eclipsed only by Venezuela, the No. 1 at 77 percent.
One of Kaspersky’s young “cyber avengers” — Yuri Namestnikov of Russia — revealed this here during the global company’s 5th Cybersecurity Weekend (CSW) 2019.
Namestnikov, director of GReAT (Global Research and Analysis Team), Russia Kaspersky, these figures in his presentation titled “It’s time to take care of healthcare.”
He said Libya (the war-torn North African country) is fourth at 75 percent, Argentina is fifth most subjected to web attacks at 73 percent.
Kaspersky’ report concerns 2018, during which web attacks against devices and healthcare facilities slightly declined to 28 percent, compared to 30 percent in 2017.
The Russian cybersecurity vendor noted in its report the healthcare sector “seems to be learning their lessons” over “two years after the infamous Wannacry ransomware crippled medical facilities and other organizations worldwide.”
Cyber attacks on the healthcare sector, it pointed out, experienced a lesser number (one-third lesser) incidents on medical devices for the current year.
But as the attacks on other parts of the world decreased, still other parts of the world were not as lucky, prompting Kaspersky to issue a warning anchored on its latest data on web attacks.
It added that Bangladesh and Thailand are the two other Asia Pacific (APAC) region countries that got into the Top 15 nations hit by the most number of detected infections.
Kaspersky’s cyber warriors got the numbers after dividing the number of devices in medical organizations in the countries leveraging its cybersecurity solutions by the number of devices where malicious codes were detected.
By “medical devices,” these include all servers, computers, mobiles and tablets, Internet of Things (IoT) gadgets, and hospital machines that are connected to the internet inside a healthcare facility.
Wannacry was thought to have given a huge lessons to all, supposed to be
Namestnikov cited governments’ vital role in security.
“In as much as we want to believe that everybody was awakened by the damage brought about by the Wannacry attack, the reality is that some countries are still lagging behind securing their medical devices.
“One factor we observe is that the chances of being attacked really depend on how much money the government spends on cybersecurity in the public health sector.
Another key reason is the low level of cybersecurity awareness the people inside medical facilities have,” Namestnikov emphasized.
A Kaspersky survey in healthcare sector in US and Canada uncovered that nearly a third of all respondents (32%) said that they had never received any cybersecurity training from their workplace. There is also one-in-10 employees in management positions which admitted that they were not aware of a cybersecurity policy in their organizations.
In terms of the loopholes cybercriminals use to infect hospitals and medical facilities, Namestnikov noted that outdated Microsoft office accounts to 59% of all exploit attacks in 2019. It is followed by EternalBlue (32%), which is related to Wannacry, as well as Android devices (2%) which are gaining increased access in medical networks.
Remote-controlled surgery coming
“Medical infrastructure has a lot of devices, some of them portable, most of them are becoming more and more connected to the internet. There’s even a technology being developed which will soon allow doctors to do surgeries remotely.
“We’re definitely entering the era of the ultra-connected medicine. And I have to say that, while we welcome these advancements, we cannot deny that these will open wider doors for cybercriminals. This is a truth the healthcare sector should take into consideration, seriously,” he added.
Acknowledging the serious threat cybercriminals can do against healthcare, Kaspersky suggests medical facilities to:
Take cybersecurity seriously.
— Cyberattack in this field should be addressed professionally as it is now a potential risk to someone’s life.
— All individuals inside a hospital, a clinic, or a medical infrastructure should fully understand the latest cyberthreats and commit to beefing up their workforce, systems, and tools to combat these malicious attacks.
— Services with threat data feeds and threat intelligence reports can help the healthcare sector understand and prevent potential cyberattacks.
Verify the security capabilities of your third party suppliers.
— Medical machines are usually costly and with warranties as long as 10 years. Makers of such healthcare devices should look into building a secure-by-design hardware which is ready for future vulnerabilities.
— Vendors should also look at forming an incident response team in case of cyberattacks.
Review access servers.
— Hospitals and medical facilities are becoming more and more reliant to the internet, hence it is a must to check who has access to which servers and data.
— Hospital is a public place. An ex-employee can do a lot damage, thus, removal of ex-employee credentials from systems should be taken care of.
IT security regulation is a must.
— Similar to the financial sector, relevant public and private should start drafting laws and regulations which aim to address the escalating threats against the healthcare sector. (SDN/Kaspersky)
Security awareness training for all employees in clinics, hospitals, and other related facilities is more than necessary.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.
The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at http://www.kaspersky.com.