






• Compromised video conferencing equipment

• Compromised home healthcare monitoring devices

The potential benefits of the aforementioned IoT are quite promising. However, with that
promise comes a lot of risk. In short, the IoT has the potential to cause significant
out-of-pocket losses for businesses and consumers. A 2014 SANS survey predicted that the
healthcare space will be among the industries that deploy the most IoT-connected devices in
the future. If these devices are not properly safeguarded, the results could be disastrous.


What if a dialysis machine were to be hacked? The physical consequences to patients could
be life-threatening, and the financial repercussions to healthcare institutions are
mind-boggling.

The reality is that cybercriminals recognize and are actively seeking ways to exploit Internet-
connected software, applications, systems, and devices.

A Ponemon Institute survey revealed that 94 percent of medical institutions say their
organizations have been the victims of a cyberattack. With the digitizing of all healthcare
records, the emergence of Healthcare.gov, and the amount of electronic protected health
information (ePHI) being transmitted online, the attack surfaces of the healthcare field are
being expanded rapidly.

Our report with SANS showed medical devices, conferencing systems, web servers,
printers, and edge security technologies that had already been exploited to send out
malicious traffic.



There are multiple reasons why the report findings are cause for alarm:

• From the sheer volume of IPs detected in our sample, it can be surmised that there
are already millions of compromised healthcare organizations, applications, devices,
and systems.

• The healthcare industry’s current security practices and strategies simply aren’t
keeping pace with the volume and veracity of attacks.

• Personal healthcare information (PHI) and organizational IP, not to mention medical
billing and payment info, are all increasingly at risk of theft and fraud due to the
attacks.

• Despite government regulation, compliance does not equal security. Companies
cannot achieve compliance and assume their data is protected.

• The costs of these compromises go beyond fines. Class-action lawsuits, potential
fallout from stock prices, and brand damage are just some of the costs that can befall
breached entities.

The results of the Norse-SANS Healthcare Cyberthreat Report served to confirm just how
vulnerable the healthcare industry has become, as well as how far behind industry-related


20 Cyber Warnings E-Magazine – April 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
