|
Medical systems, from electronic cases to medical devices, are more vulnerable to attack than we think. If so, the cost is too high to be ignored.
Today, in the black market, the price of medical records is 20 times higher than the price of credit card data. Because medical data is more detailed, cybercriminals can use these more comprehensive data to easily steal identity and scam. More importantly, patients confirm that information has been leaked for a longer period of time, sometimes for up to a year or more.
After the credit card is stolen, the financial institution's system algorithm will quickly detect abnormal activity, and the system will usually provide automatic protection. In contrast, similar protection may not be available in medical systems.
In addition to the vulnerability of the system itself, the vigilance of medical systems for system security is also worrying.
Traditional cyber attacks threaten hospital information systems
Grey software, phishing, Trojan horses, and ransomware... These types of attacks are common to all organizations, but medical systems are particularly vulnerable. Due to the lack of embedded defenses and a lack of awareness relative to other industry security, these types of malware can attack medical institutions' websites, infect mobile devices or other ports, and the results will not only expose sensitive data, but also result in higher costs. IT maintenance costs.
These attacks are not new attacks, but the leakage of patient data is real. Cybercriminals have evolved into a complete grey software chain and platform that can be customized to attack medical systems.
Medical equipment networking, security risks, surge
Today, medical device networking is becoming the norm, from cardiac monitoring to syringes, all automatically connected to the electronic health information system and real-time warning. This is a good thing from the perspective of patient and hospital operations; but from a security perspective, it may be a "nightmare."
Most of these devices, such as MRI devices, CT scans, and myriad diagnostic devices, have never designed any security strategies in them. Many diagnostic systems use off-the-shelf operating systems, such as Microsoft's Windows, and other devices use proprietary software to collect data without ensuring security. These devices are potential attack points, and once attacked, hackers will have unscrupulous access to all data in the device's networked system.
Through networked devices, it may be that not only the patient's data, but also the medical system of the entire medical institution and the normal and effective use of the device.
Personal and family health equipment design lacks safety considerations
Data acquisition terminals have proliferated, and this phenomenon has not only occurred in hospitals. With the increasing use of home healthcare devices, mobile healthcare applications, and wearable devices, the way to collect and transmit personal health information is rapidly increasing. Not only such devices and applications may expose personal health data information (or at least not protect such data), but once the data and electronic case record and medical data system interface are established, it becomes a possible entry point for data leakage. As with hospital diagnostic equipment, most of these home health or wellness applications are designed with more innovative features that don't focus on data security.
In today's era of mobile internet, whether at the network layer or the application layer, it is time to consider the data security of medical systems and avoid the possibility and risk of leakage and theft.
|
