Introduction – Ransomware is coming to medical devices:
Ransomware is malicious software that encrypts your computer files. Once it has done so, it becomes practically impossible to decrypt the files, however hard you try. You are trapped and at the mercy of the creator of this malware. The only way out is to pay a ransom to this online extortionist to retrieve the passwords that unlock the files. The bad news is that this malware has made its entry into the world of medical tourism. The same technique may be employed on insulin pumps and pacemakers too. Ransomware in medical devices is a serious medical security threat that will plague medical tourism in 2016.
This is how it happens! A sudden chest pain might reveal, to your horror, that your pacemaker has stopped working. In an instant, a threatening message flashes on your mobile: if you don’t pay, your pacemaker will go defunct, causing your death!
Experts reckon that cyber security for medical devices is at stake. Programmed surgical robots, and pumps programmed to deliver the proper dosage of medication, could be vulnerable to this type of assault. Medical device security experts fear that it is not improbable that such malware will be designed. It is feasible from a technical viewpoint.
Cyber security Predictions:
Focus on the human element to fight phishing attempts:
– Basic awareness training programs are not enough to enable hospital staff to build a barricade against phishing assaults.
– Hospitals need to put their employees through real-world simulations to identify risky employees and to make sure employees know how to spot phishing attempts and how to respond to them.
Data assets and access paths are to be identified:
– Understanding the class of data that wearables and IoT gadgets are accumulating is of prime importance.
– Understand the motive for collecting the data and its relative worth, both to those who use the data for the benefit of patients and to those who have an interest in holding the data to extort ransom money.
– The access paths to assets vulnerable to phishing need to be identified with commercial tools such as Core Impact Pro and Rapid7’s Metasploit, and the open source program Phishing Frenzy.
– For sensitive data assets, reduce the impact of a phishing assault by employing multifactor authentication.
– Secure the source points for data collection as well as the sites where the data are analyzed.
The existing security functions should be reassessed through an IoT lens:
– In healthcare, the security system should be foolproof.
– In identity and access management, the device context should be factored in.
– Explore cloud service providers to help with threat management, incident response and security operations where the data archives are located.
– Frame policies on data privacy and ownership, approvals, use, ethics and accountability.
Ransomware in hospitals
Ransomware assaults on hospitals have taken on alarming proportions, as illustrated below:
– A large Los Angeles hospital specializing in physical therapy, cancer treatment, maternity care and specialized surgeries fell victim to ransomware. The hospital was compelled to pay ransom money to the hackers, who held the hospital’s computer network hostage for extortion.
The CEO of the hospital chose to pay, as he judged that paying was, in the hospital’s best interest, the most prudent step to put an end to the issue.
– Hollywood Presbyterian Medical Center openly admitted that it had paid 17,000 USD to the malware-armed hackers when it fell victim to the ransomware trap.
Hacking techniques are fast gaining access to both individuals and organizations. Mostly this happens with the help of a black sheep in the fold. It is pathetic to observe that a lot of organizations simply hide the fact after paying ransom money to the hackers.