A cyber security health check for the most vulnerable
Written by Joseph Poppy on 15/02/2019
Perhaps most worrying of all is the fact that scanning activity and even malicious software has been detected on complex medical equipment, such as X-ray machines. Theoretically, if hackers can infect an X-ray machine, they can influence what it does. I’m not trying to suggest that they could give people a more potent blast of radiation than expected, but that’s only because I don’t know how X-ray machines work. The more likely scenario would be that they can be rendered unusable, causing delays in treatment and a tighter squeeze on already strained services, not to mention a distinct lack of superheroes.
To a certain degree, there’s no such thing as ‘out of hours’ for a hospital. This often means that hacking methods that are ineffective elsewhere are successful here. Hacking groups are not necessarily known for their strong morals, so the fact that they risk damaging patient care is not likely to stop them. As stated previously, hackers hack what they can. Outdated software means they can do so with ease.
No other word in the English language is as simultaneously boring as it is profound. The world is effectively run on a budget, and the healthcare industry has an incredibly finite one. Financial restraints also prevent hospitals and care homes from upgrading to more secure operating systems.
Much of the NHS is being kept afloat by Windows 7 or even XP – which is by no means a bad OS, but its final release was ten years ago, and new vulnerabilities are discovered regularly. In some cases, the healthcare industry is so far behind technology-wise that upgrading en masse is not financially feasible. Instead, medical organisations will have to upgrade bit by bit.
Hope for the industry
Of course, in the wake of that (yes, here it comes again) infamous WannaCry incident, which took advantage of the EternalBlue exploit, deals have been struck to get the NHS upgraded to Windows 10 as soon as possible. Across the globe we seem to be waking up to the threat of a cyberattack in any and all areas. However, the fact that security will soon be ramped up may mean that, in the short term, we see a surge in malicious activity. Hackers will be desperate to get in there before it’s no longer possible.
Everyone’s at risk. Everyone can be protected.
Whilst healthcare may sit at the top of everyone’s ‘at risk list’, if the right steps are taken this will certainly change. The right steps will be taken out of necessity should a pattern of attacks emerge. In a wider view, it’s important to realise that every industry is at risk and can be targeted at any moment. Hackers are many and varied; they are not all motivated by the same goal or going after the same targets.
All organisations are responsible for their own security posture. This can be strengthened by strong app design and infrastructure management, which can be tested with a thorough penetration test. Ongoing active monitoring with threat hunting can add another line of defence and help with remediation and forensic investigations. Make sure you’re doing your bit to ensure your industry doesn’t creep to the top of the list.