Email
Password
Remember meForgot password?
    Log in with Twitter

article imageState of play: One year on from WannaCry ransomware outbreak

By Tim Sandle     Apr 5, 2018 in Business
The one year anniversary of the WannaCry ransomware outbreak, which severely impacted global healthcare organizations, edges closer. A new report assess how well hospitals and healthcare facilities have respond in terms of new technology and systems.
In a new report, global security company Trend Micro examines the areas of vulnerabilities and threats related to the healthcare industry. The intention of the report to help healthcare organizations understand, measure and mitigate their information security risks. This has been issued close to the anniversary of the global WannaCry cyberattack (which was covered by Digital Journal).
Through the research, Trend Micro has uncovered that a year later, despite additional resources being put into many healthcare systems, the scare of WannaCry may not have resulted in more secure healthcare environments. Instead the report finds that many critical systems and devices exposed, making them a potential target for another major attack.
The main findings from the "Securing Connected Hospitals" report shows how several systems are vulnerable, including device firmware attacks, and website, electronic health records and internal portal open to compromise. The report also identifies potential risk sources as being a mix of insider threats from hospital and vendor staff and applications provided by third-party vendors. With this second category, included in this are mobile health (mHealth) mobile apps, which is of concern given the extent to which this area is anticipated to expand over the next few years.
The types of malicious scams include source code compromise during manufacturing together with spear phishing from trusted email accounts. These threats lead into advice from Trend Micro as to what healthcare companies can to to prevent attacks. This includes:
Performing vulnerability assessments of new medical devices.
Ensuring that bring your own device (BYOD) programs should include authentication using Network Access Control (NAC) before allowing access to the network.
Only purchaing medical devices from manufacturers who go through rigorous security assessments of products during design and manufacture.
Developing plans for patching and updating code or firmware for devices implanted in patients and hospital medical equipment.
Performing risk assessments of all suppliers and vendors in the supply chain and do background checks on employees who have access to medical devices.
Performing security, vulnerability, and penetration testing to the hospital network and software to make sure they are safe from hackers.
In addition, the use of a firewall is important, especially when coupled with an effective antivirus and antimalware suite. Many antivirus software packages take the form of disc scanners, and these should be run regularly (ideally at a time when the computers are not in use due to the tendency to slow systems down).
One interesting part of the analysis related to Canadian healthcare organizations, which are called out as being especially vulnerable. This is because more than 79 percent of all exposed devices and systems in hospitals around the globe can be traced back to one hospital in Canada. Furthermore, Canada ranks 13 out of the 20 countries with the highest number of medical imaging information exposed. This suggests the importance of adopting both a global set of measures and avtivities geared towards national vulnerabilities.
More about wannacry, Ransomware, Virus, Cybersecurity, Healthcare
More news from