Information Security in Medicine

2023

U.S. authorities release medical device cybersecurity rules

On September 27, 2023, the U.S. Food and Drug Administration (FDA) released guidance on the cybersecurity of medical devices. The document is designed to help developers and manufacturers of healthcare devices comply with the requirements to ensure the protection of their products.

It is said that the problem of cybersecurity in the medical field is becoming more acute as equipment becomes overgrown with communication capabilities. Many devices support wired and wireless communication, and therefore are increasingly becoming targets for hackers. Meanwhile, interference in the operation of such devices can result in the most sad consequences - up to the death of patients.

FDA unveils medical device cybersecurity guidance

Increased connectivity has led to individual medical devices becoming part of integrated healthcare IT systems. Such platforms may include data storage servers, information processing systems, software update distribution facilities, and other related components. Thus, a cyber attack on one component can provoke failures in the work of others and lead to an IT collapse.

The FDA guidance addresses various aspects of ensuring the information security of medical devices. These are, in particular, authentication and authorization tools, cryptographic tools, firmware and software updates, compliance with data privacy requirements, event recording, interoperability, use of third-party software modules, etc. The devices should be evaluated by the manufacturer in terms of potential vulnerabilities and weaknesses. The recommendations have been prepared taking into account more than 1800 comments received as part of the project development.^[1]

Russian clinics were subjected to mass mailing of letters from scammers

The Russian medical institutions have faced sending letters from scammers who Roskomnadzor demand on behalf of them to eliminate "violations" in the storage of personal data patients. To do this, they offer their services, thus trying to get full access to the sensitive. information This was announced on September 18, 2023 by the press service of the deputy. State Duma of the Russian Federation Anton Nemkin

Шаблон:Quote 'At the same time, the medical organization that receives this letter has timely and fully entered all the necessary information, - Izvestia quotes the words of a lawyer of one of the organizations that received such a letter.

Any attempts to find out details about "violations" end with the fact that "representatives of commercial firms" insist on the need to conclude an agreement with them so that they independently enter data without violations. Such a scheme allows criminals to gain access to information that should be protected by the Law "On Personal Data," after which they organize the leakage of information about addresses, contact details, names, age, state of health, family composition and diagnoses of consumers of medical services, experts warn. In addition, in the hands of fraudsters, sensitive data on the health of patients of clinics are provided, which they can use for financial fraud, blackmail, as well as medical identification fraud - when someone receives services posing as another person. Also, the data obtained can be sold on the black market.

The press service of the ILV recalled that only address letters are officially sent and only from mailboxes in the @ rkn.gov.ru domain. In this case, any letter is drawn up on letterhead. The department recommended, when receiving dubious letters, to carefully check the author and the sending organization, as well as, in case of doubt, contact them for appropriate explanations.

The medical organization can be subjected to administrative responsibility under Art. 13.11 of the Code of Administrative Offenses of the Russian Federation "Violation of the legislation of the Russian Federation in the field of personal data," said Jamali Kuliev, lawyer of the Yukov & Partners spacecraft.

As a result of such leaks, data gets into the network or into the hands of fraudsters, the publication of which can greatly affect a person. For example, information about any serious disease that a person carefully hid even from loved ones may become public knowledge - there are different reasons for this, the right to medical secrecy cannot be taken away from people. Scammers can also call the victim of the provoked leak and try to impose drugs or treatment to lure money out and leave with nothing. Therefore, medical institutions should be especially attentive to the information security of their resources, not to save on equipment, and also try to engage in at least minimal education of their employees about the basics of network security. Otherwise, numerous courts with affected clients and Roskomnadzor are not excluded, which clearly will not affect the work of the organization positively, the deputy said.

In this case, those who work with such a sensitive category of personal data will have an incentive to do their work more consciously, act competently when faced with fraudsters and not endanger themselves, patients, or the medical institution as a whole, the parliamentarian added.

Ransomware attack on Varian IT systems paralyzes equipment in hospitals

In early August 2023, Siemens Healthineers announced that the computer infrastructure of its subsidiary Varian Medical Systems was subjected to a cyber attack, behind which is the LockBit ransomware group. The hacker invasion paralyzed the operation of equipment in medical institutions. Read more here.

Stopping the distribution of preferential medicines due to a hacker attack

The issuance of preferential medicines in the Primorsky Territory was suspended due to the hacking of the IT system of the pharmacy network. On July 14, the Minister of Health of the region Anastasia Khudchenko wrote about this in her Telegram channel. Read more here.

Eisai was the victim of a ransomware attack

The Japanese pharmaceutical a company Eisai specializing in development and production, and cancer drugs dementias other diseases, recently reported that it was faced with, attack programs extortioners which significantly affected the company's operations. This became known on June 8, 2023. More. Eisai (Eisai)#.2A2023:.D0.9A.D0.B8.D0.B1.D0.B5.D1.80.D0.B0.D1.82.D0.B0.D0.D0.BA.D0.B0here

German pharmaceutical company Evotec shut down IT infrastructure after cyber attack

On April 7, 2023, the German pharmaceutical company Evotec reported a cyber attack on its IT infrastructure. As a result of the hacker invasion, various systems suffered, and experts decided to disconnect them from the Internet. Read more here.

Tallahassee Memorial HealthCare cancels non-urgent operations due to cyber attack

On February 2, 2023, it became known that the American medical institution Tallahassee Memorial HealthCare was forced to redirect patients to other institutions and cancel all non-emergency surgical procedures after a cyber attack was carried out on the hospital. Read more here.

2022

FDA: Medical equipment does not even have basic protection against cyber attacks

In mid-December 2022, it became known that the US Food and Drug Administration (FDA) is pushing for additional funding to improve the cybersecurity of medical devices. The problem is that such equipment often does not even have basic protection against cyber attacks.

The increase in the number of digital devices used by medical institutions over the past decade has led to a corresponding increase in the number of discovered vulnerabilities affecting systems ranging from infusion pumps to autonomous robots. In September 2022, the FBI warned that this situation opens the door for cybercriminals and ransomware groups attacking hospitals and medical facilities.

Medical equipment has no protection against cyber attacks

Vulnerabilities have been identified in insulin pumps, intracardiac defibrillators, mobile heart telemeters, pacemakers and intrathecal pain pumps. Attackers can access devices and change readings, inject an overdose of drugs, or "otherwise endanger the health of patients." The problems are aggravated by the lack of built-in security functions in such devices and the impossibility of updating. Experts say that such a state of affairs is unacceptable against the backdrop of an ever-growing number of medical devices connected to a computer network.

It is noted that the number of vulnerabilities will only increase as the software becomes more complicated and medical devices are digitized. But suppliers of medical equipment are in no hurry to solve problems, since, as they say, making drastic changes to the architecture of devices can be too expensive and burdensome. In general, the worsening situation in the field of safety of medical equipment poses a greater risk to the health of patients, and can also result in huge financial losses for medical institutions.^[2]

Named the main trends in the field of cybersecurity of medical equipment

On December 27, 2022, Becker's Healthcare medical portal outlined the main trends in the field of cybersecurity of medical equipment: they were reported by the information security directors of large healthcare institutions.

It is noted that the situation in the named area is deteriorating. The problem is that medical equipment often does not even have basic protection against cyber attacks. Vulnerabilities have been identified in a variety of devices - from insulin pumps and intracardiac defibrillators to pacemakers and robotic medical equipment. And this not only opens the door to attacks on hospitals, but also creates an immediate threat to the lives of patients.

According to experts, even basic cyber protection is absent in medical equipment

The survey included the information security directors of the Michigan Medicine Center, the nonprofit Renown Health Health Network, as well as Edward-Elmhurst Health, Miami Health System and Intermountain Healthcare.

Experts say that cybercriminals are increasingly focusing on the financial performance of the target when choosing goals in the healthcare sector. This potentially allows you to get the maximum ransom in the event of a successful ransomware attack. One trend is that in 2022, attackers switched from encryption to the complete destruction of information in the victim's computer network. This approach ensures that hackers have a single copy of the files of the attacked organization, which eliminates any possibility of recovering data without payment.

Ransomware gangs were able to successfully exploit the shortcomings of health care security in large quantities. We are also seeing a trend towards data destruction compared to ransom demands for decryption, "emphasizes Steven Ramirez, director of information security at Renown Health.

It is noted that medical institutions should focus on the basics of security with early detection, access control, protective mechanisms and use new technologies such as deception and artificial intelligence. But the problem may be insufficient funding.

Healthcare segment still dominated by ransomware hacks and attacks

"As the available funds for cybersecurity spending in this sector are reduced, providers should consider ways to attract and study the real problems of individual companies or institutions to which they prioritize," said Jack Kufahl, director of information security at Michigan Medicine.

Experts call the increased intensity of cyber attacks in the healthcare sector another trend. In particular, the number of fraudulent schemes associated with has increased. phishing Several other major cybercriminal tactics also stand out: zero-day attacks, attacks on, supply chains multi-stage attacks, and attacks on devices Internet of Things and medical devices connected to a computer network.

In general, as noted, in 2022, the healthcare segment was still dominated by hacks and ransomware attacks aimed at obtaining ransom. At the same time, new legislative initiatives are being discussed to protect the privacy and security of patient data.

"Criminal organizations continue to double the intensity of attacks on medical organizations, disrupting their activities and extorting profits. The good news is that there has been momentum in the partnership between the United States government and the health care industry to strengthen cyber defenses, "says Erik Decker, director of information security at Intermountain Healthcare[3]

In two regions of Sweden, people cannot receive medical care for several days due to a cyber attack on city IT systems

In mid-December 2022, a crisis situation was declared in the Swedish municipalities of Borgholm and Mörbilong after a cyber attack on their IT systems. Citizens cannot receive medical care, and doctors switched to pen and paper.

The invasion of the common IT system used by the two municipalities, which together make up the island of Öland with a population of just over 25 thousand people, was confirmed. Read more here.

Due to a cyber attack, the French hospital stopped working and sends patients to other medical institutions

On December 4, 2022, the Ministry health care France disclosed that a hospital complex in Versailles, not far from, was subjected to a hacker attack. As a Paris result of the hack, the medical institution was forced to suspend work and redirect some of the patients to other hospitals. More. here

The market size of medical equipment protection systems is estimated at $6.57 billion

On October 10, 2022, ResearchAndMarkets analysts published a study according to which the global medical device safety market will amount to $6.57 billion in 2022 and is expected to reach $9.85 billion by 2027 with a growth rate of 8.43%.

According to experts, the dynamics of market development is a consequence of the forces that affect the prices and behavior of participants in the global market for medical device protection systems. The forces of market dynamics can be associated with both macro- and microeconomic factors.

In addition to prices, supply and demand, there are other factors of market activity. The emotional factor of a person can also determine decisions, influence the market and form market signals.

The report presented the following factors in the dynamics of the medical equipment protection market:

• Increase the number of cases cyber attacks and threats in the sphere health care
• Growing Demand for Connected Medical Devices
• Favorable government regulation
• Growing geriatric population and consistent growth in chronic disease management

Restraining factors:

Limited budgets for safety in health care

Possible prospects:

• Implementation in Sensor Wireless Mobile Medical Devices
• Increased number of acquisitions, partnerships and collaborations
• Growing Adoption of Advanced Cloud Solutions for Healthcare Security

Issues to Address:

• Inadequate implementation of medical device protection systems in developing countries
• End devices pose challenges to cybersecurity in healthcare

The following companies are named the largest manufacturers of cyber protection systems for medical equipment:

• Broadcom Inc.
• CA Technologies, Inc.
• Cisco Systems, Inc.
• Check Point Software Technologies Ltd.
• ClearDATA
• CloudPassage
• CyberMDX Technologies Inc.
• Cynerio Israel Ltd.
• DXC Technology Co.
• Fidelis Cybersecurity, Inc.
• FireEye, Inc.
• Fortinet, Inc.
• GE Healthcare
• Trellix
• IBM Corp.
• Imperva, Inc.
• McAfee Corp.
• Medigate Tech Ltd.
• Ordr, Inc.
• Palo Alto Networks, Inc.
• Koninklijke Philips N.V. Scaler, Inc.
• Sophos Group PLC
• Sternum Ltd.
• Symantec Global Medical Device Security Market (2022 to 2027) - Featuring Broadcom, CA Technologies, Cisco Systems, Check Point Software Technologies and ClearDATA Among Others - ResearchAndMarkets.com^[4]

Hospital in Paris attacked by ransomware virus

On August 25, 2022, the Center Hospitalier Sud Francilien medical center, located 28 km from the center of Paris, suffered at the hands of hackers - they managed to introduce a ransomware virus into the institution's IT systems. The center serves an area with a population of 600 thousand people due to hacking, medical staff are forced to send patients to other medical institutions and postpone planned operations. Read more here.

The Ministry of Health of the Russian Federation creates a center for information security and import substitution of software

On June 22, 2022, the Ministry of Health of the Russian Federation announced the creation of a subordinate Center for Information Security and Import Substitution of Software based on the Federal State Budgetary Institution "TsNIIOIZ." Read more here.

Putin signed a decree on the creation of cybersecurity departments in medical organizations

In early May 2022, the president Russia Vladimir Putin signed a decree creating a separate cyber security one at facilities critical information infrastructure (), CUES including institutions. health care Such structures should be headed by one of the deputy heads of the organization. His duties, as well as the functions of the department government , will be approved within a month.

According to the document, cybersecurity departments are obliged to cooperate in the FSB, provide service employees with unhindered access (including remote) to information resources for monitoring, follow their instructions, data based on the results of the audit.

Putin signed a decree on the creation of cybersecurity departments in medical organizations

From January 1, 2025, when providing cybersecurity to health care institutions and other CII facilities, it is forbidden to use data protection tools made in unfriendly countries. The equipment of firms that are under the direct or indirect control of an unfriendly country affiliated with it also falls under the ban.

Explanations on the application of the decree will be given by the Ministry of Finance and the Central Bank, follows from the decree. The government was instructed to approve the list of persons under sanctions within 10 days and determine additional criteria for classifying transactions as prohibited.

The activity of cybercriminals in relation to medical institutions is steadily growing. By 2022, medicine is one of the three leaders in the number of various kinds of cyber attacks, second only to government agencies and industry, displacing banks and financial companies from the top.

The variety of information systems in different medical and preventive institutions (LPUs), which can be public, private and departmental, leads to the fact that different approaches to information protection are applied. Often, the protection of systems in LPUs is fragmented, which complicates their cyber protection.^[5]"

US Department of Health prepares for attack by Russian hackers on hospitals

The US Department of Health has issued an IT manual for the management of hospitals, clinics and other medical institutions, fearing that hackers "supported by Russia" are paralyzing their digital infrastructure, making patient care impossible. This became known on March 25, 2022.

A report entitled "Cyber ​ ​ conflict between Russia and Ukraine and potential threats to the US health sector" was prepared by a cybersecurity center within the ministry. The document lists potential threats from groups allegedly associated with the Russian Federation.

The Conti group is linked to more than 400 cyber attacks around the world, 300 of which targeted American organizations. The ransom amount can reach up to $25 million.

It is known that in May 2021, Conti disconnected the network of information technology the Ministry Ireland of Health, having achieved a malfunction x-ray of the systems, delays testing for COVID-19 in, and so on.

Among other dangers, IT specialists from the US Department of Health highlight the NotPetya ransomware (an improved version of the Petya network worm). The virus spreads across corporate networks even without the help of a specialist and can lead to complete loss of files. Initially, NotPetya was directed against Ukraine in June 2017, and then spread around the world, negatively affecting the activities of large American pharmaceutical companies and hospitals, the report said.

North American hospitals (more so than Europe and Asia) are also targeted by ransomware from the FIN12 and Ryuk groups . Ryuk has damaged at least 235 American hospitals, mental health facilities and dozens of other medical organizations since 2018. The annual revenue of the FIN12 exceeds $300 million.

Also among the threats are the HermeticWiper and WhisperGate viruses, which were used for cyber attacks on Ukrainian institutions shortly before the start of the Russian military special operation. The US department, without any evidence, attributes the committed hacks to Moscow.

The agency cites a list of vulnerabilities that are exploited by "Russian hackers."

The US Department of Health recommends minimizing IT security gaps, improving the protection of organizations in cyberspace and trying to create conditions under which critical functions of institutions would continue to be performed if technological systems are damaged. In such a situation, hospitals must have the resources to hold out for four to six weeks.

It is also pointed out the need to increase cyber readiness and warn staff about the increased risk of receiving phishing emails with malware. Organizations are ordered to make sure that many backups of data have been created, and to use geolocking - a ban "on all incoming and outgoing traffic from Ukraine and adjacent countries"^[6] Department of ^[7].

More than 50% of medical devices in the world have critical vulnerabilities

In mid-January 2022, Cynerio analysts released a report reporting that more than half of networked medical devices in hospitals posed a security risk due to critical vulnerabilities that could potentially compromise patient care.

According to the study, 53% to the Internet of the medical devices analyzed have known vulnerabilities, and a third of bedside devices have a critical risk. Cynerio analyzed more than 10 million medical devices in more than 300 hospitals and medical institutions around the world. The report warns that hackers if these medical devices are accessed, it will affect service availability, data privacy and even patient safety.

More than 50% of medical devices in the world have critical vulnerabilities

Healthcare is a prime target for cyberattacks, and even with continued investment in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on to treat patients. Hospitals and healthcare systems don't need more data - they need cutting-edge solutions that reduce risk and enable them to counter cyber attacks, and it's time for us, medical device security providers, to step forward, said Cynerio CTO and co-founder Daniel Brodie.

Of all medical devices, infusion pumps are the most common device with some vulnerability of 73%, according to the report. If attackers manage to break into an IV pump, patients will be directly affected because the pumps are plugged in. Some of the causes of these vulnerabilities are related to relatively simple things, such as outdated programs. In addition, the common risk is default passwords that are the same for the entire organization, especially since such weak default credentials protect about 21% of devices.

Cynerio experts note the fact that software network segmentation is the solution to reduce vulnerabilities and reduce the number of ransomware attacks. By sharing the hospital network, more than 90% of the critical risks associated with medical equipment can be addressed.^[8]

2021

The most attacked industry of the year turned out to be health care

On February 1, 2022, Cisco Talos spoke about the main events in the cybersecurity market in 2021.

2021 turned out to be a very tense year for the Cisco Talos Incident Response (CTIR) cyber threat group. Against the background of the pandemic, which entailed a number of specific information security problems, she had to deal with a growing circle of cybercriminals who trade in ransomware, while dealing with major security incidents that affected organizations around the world. Instead of releasing the usual quarterly report, Cisco Talos reports trends in information security for the entire 2021.

• More often than others, the attacked industry for most of the last year turned out to be health care.
• The main threat of last year was ransomware (ransomware).
• Most often, attacks began with compromising applications that have access to the Internet and phishing.
• The CTIR dealt with four major information security incidents:
  • attack on SolarWinds supply chain;
  • massive exploitation of vulnerabilitiesMicrosoft Exchange Server;
  • attack of the hacker group REvil on the IT solution provider Kaseya;
  • Log4J vulnerability detection.

• Of the four listed so far, the most significant attacks for CTIR clients were attacks that exploited Microsoft Exchange vulnerabilities; at the beginning of February 2022, they do not stop.

The main goal of the attackers during almost all of 2021 was healthcare, only in the fall attacks against local administrations came first. After an avalanche of attacks on medical facilities recorded at the end of 2020, Cisco Talos predicted that healthcare would remain the main target of ransomware in 2021. This is mainly due to insufficient funds that medical institutions allocate for cybersecurity, as well as rather high requirements for the absence of downtime (which have become even more stringent due to the ongoing pandemic).

Ransomware dominated all threats in 2021. Two trends were observed in their use: an increase in the number of attackers and an increase in the use of commercially available open source products and programs.

During 2020 and early 2021, the Ryuk ransomware was most often encountered. Then its activity began to gradually decline, and in the second half of 2021 it practically disappeared. Ryuk was not the only ransomware whose activity died down markedly in 2021. Recently, families such as Darkside, BlackMatter, REvil and Maze have also ceased to operate or rebranded. It is possible that it was due to the decline in the activity of giant ransomware that a surge in various attacks occurred in winter, and not a single family was repeated twice.

Along with the expansion of the circle of attackers observed in early autumn, the use of commercial products, open source programs and legitimate programs and components of the operating system (living-off-the-land binaries, LOLBINS) has increased. The most common are:

• Cobalt Strike
• ADFind
• ADRecon
• GMER
• Bloodhound/Sharphound
• Sharphound
• PCHunter
• 7-Zip
• WinRAR
• Windows Management Instrumentation
• RDP
• Rubeus
• TeamViewer.

In 2021, as in 2020, in most organizations, the registration of events was carried out in such a way that in many cases it was not possible to establish the initial vector of the attack with accuracy. When the initial vector could be determined with sufficient confidence, phishing and applications that had access to the Internet came first.

The increase in the number of targeted attacks is associated, among other things, with the disclosure of a number of major vulnerabilities software used by many organizations. In particular, these are several Exchange vulnerabilities Microsoft that have led to the need to conduct incident response activities in many organizations.

At the same time, the increase in the number of phishing attacks may be due to the fact that they are a traditional way for initial infection when using ransomware, which accounted for most of the threats during 2021. In addition, in the fall of 2021, the number of corporate email compromises increased, which increased the share of this vector in the overall picture.

Amid the stress of working in a pandemic and the ever-increasing and worsening threats from ransomware, the CTIR group had to deal with four serious incidents that affected organizations around the world.

• December 2020. There is a sophisticated attack on the supply chain, during which attackers gained access to victim networks through the implementation of trojan ON SolarWinds Orion updates. The target of the attack was numerous large enterprises and. state structures USA
• March 2021. CTIR deals with multiple attacks related to a number of unresolved Microsoft Exchange Server vulnerabilities.
• July 2021. A group of ransomware hackers REvil attacks Kaseya, which develops IT solutions for managed service providers (MSPs). Since the target of REvil was providers that manage customer IT services, the attack hit at least 1,500 organizations.
• December 2021. Attackers begin to scan and exploit a critical remote code execution vulnerability in the well-known Apache Foundation Log4j library.

In 2021, at the height of ransomware attacks, CTIR announced the absence of multifactor authentication (MFA) as one of the main obstacles to ensuring enterprise information security. CTIR often encounters incidents that could have been prevented when the MFA was turned on on critical services. CTIR encourages organizations to implement MFA wherever possible.

About a third of medical organizations around the world leak patient data during a telemedicine session

The vast majority of medical organizations providing telemedicine services use ancient equipment with outdated operating systems for this. According to Kaspersky Lab, this carries a direct risk of patient safety and personal data. This became known on December 30, 2021. Read more here.

Ministry of Digital Development, FSB and FSTEC approved the draft concept of a unified information security system in healthcare. What will she be like?

The Ministry of Digital Development, the FSB and the FSTEC agreed on the draft concept of a unified information security system in the field of health care, developed by the Ministry of Health. This was announced in December 2021 by Alexander Dubasov, adviser to the director of the Federal State Budgetary Institution TsNIIOIZ of the Ministry of Health^[9]The document is being prepared for the minister's report.

The draft concept defines the directions for the development of the information security system, outlines the principles, approaches and requirements for ensuring the protection of information. Among the goals of the document are the development of uniform principles and approaches to ensuring the protection of information, the introduction of industry standards and methodological recommendations.

So far, says Alexander Dubasov, the Ministry of Health in terms of sectoral regulation in the field of information security is on the initial path. And the actual state of information resources in health care is a consequence of the historically decentralized approach to the creation of information systems, implemented in conditions of limited resources. It is characterized, among other things, by the diversity of the tasks solved, the variety of software, technical solutions, architectures, the consolidation of information for various purposes, and the lack of a level of fault tolerance.

When developing the concept, the goal was laid down to create a unified system for building information security at all levels: federal, regional, municipal "(photo - Shutterstock)"

The key element, according to the draft concept, is the creation of an industry center for information security of the Ministry of Health on the basis of a subordinate institution, which will serve as an industry center of State system of detection, prevention and elimination of consequences of computer attacks. This, among other things, implies monitoring and responding to information security threats. It will interact with other departmental centers of State system of detection, prevention and elimination of consequences of computer attacks and corporate centers of information security.

The center will organize and coordinate the activities of participants in the unified information security system in healthcare, be involved in the implementation of departmental control over the implementation of requirements for the protection of information in IT systems, the customer or the operator of which is the Ministry of Health or its summaries.

In addition, the center will monitor the fulfillment by the subjects of the critical information infrastructure (CII) in healthcare of the requirements of regulators for the protection of CII facilities and ensuring their functioning, develop additional requirements for the protection of CII facilities in health, industry standards and methodological recommendations.

The same structure will serve as an industry competence center for information security in healthcare, participate in forecasting and analyzing information security threats in industry systems, and participate in incident investigations.

And she will also have to interact with the FSB and FSTEC on information protection in industry IT systems, as well as organize and control the quality of training IB-personnel in the field of health.

When we worked out the concept, the goal was to create a unified system for building information security at all levels: federal, regional, municipal. And the goal of creating an industry center is that it really is a competence center that, together with all participants, will be able to build a single system and be not just a regulator, but an industry assistant for information protection, "Dubasov explained.

The adviser to the director of the FSBI TsNIIOIZ of the Ministry of Health says that the analysis continues on the number of CII objects that will fall under monitoring. And since the development of the center is expected for the long term, the number of KII facilities taken for monitoring will increase gradually.

A system of interaction with everyone will be built, because in any case, in terms of monitoring, the industry center will not stretch the entire industry, because it has a colossal size, "added Alexander Dubasov.

The draft concept provides for a 3-year development plan for the center with an increase in the number of employees. However, the adviser to the director of the FSBI TsNIIOIZ of the Ministry of Health did not provide data on how much the center will estimate the employees and what the project budget may be.

Hackers gain access to 150,000 Verkada cameras in hospitals, police and companies around the world

In early March 2021 hackers , a security system was hacked, startup Verkada which offers corporate video surveillance services. As a result of the attack, attackers gained access to more than 150,000 cameras, including cameras in factories and warehouses, Tesla offices, Cloudflare Equinox gyms, hospitals, prisons, schools, police stations and Verkada's own offices. More. here

DPRK hackers attack Pfizer to sell clandestine COVID-19 vaccine

In mid-February 2021 the North Korean hackers , they tried to hack into computer pharmaceutical the company's systems Pfizer in search of information to vaccine about and technology (). treatment of coronavirus infection COVID-19 This became known on February 25, 2021. More. here

For the first time, ransomware viruses attacked medical institutions in the Russian Federation

In early February 2021, it became known about the first ransomware attacks on Russian hospitals. Hackers use such malicious programs to encrypt user data and steal important information, said Nikolai Murashov, deputy director of the National Coordination Center for Computer Incidents (NCCCA, created by order of the FSB to combat the threat of hacker attacks on Russian infrastructure).

According to him, in addition to the fact that for the first time cases of introduction of viruses into the information infrastructure of medical institutions were recorded, attempts of similar cyber attacks of the resources of the Central Election Commission, the Public Chamber of the Russian Federation and various state authorities were recorded. At the same time, Murashov did not report on the consequences of possible hacks of the IT systems of hospitals and other institutions.

Ransomware attacks hit Russian medical institutions for the first time

According to Murashov, the main sources of cyber attacks on Russian resources are outside the country - 67 thousand foreign malicious resources and 65 thousand such resources in Russia blocked the center for the year.

Ransomware virus attacks on medical organizations were previously seen outside Russia. So, hackers, using this type of malware, paralyzed the work of the Uniklinik hospital in Dusseldorf, Germany, encoding information on 30 servers of this institution. As a result of the failure, a patient died, who was transported to another hospital. Uniklinik for a whole week could not take patients and perform operations.

Earlier, Kaspersky Lab recorded a series of targeted cyber attacks on Russian healthcare organizations. According to the company, up to ten large government agencies in the southern regions of Russia were attacked. The attackers speak Russian fluently, but are geographically located outside the country, according to Kaspersky Lab^[10]

2020:91% increase in cyber attacks on Russian medical institutions

In 2020, the number of hacker attacks on Russian medical institutions increased by 91% and accounted for 9% of the total number of such cyber incidents. This is evidenced by data from Positive Technologies, a company specializing in information security technologies.

According to experts, health organizations were ahead of the financial sector in terms of the share of hacker attacks. According to a study by Positive Technologies, in medicine, cybercriminals primarily hunted for hospital data, but attacks on vaccine developers, laboratories, pharmaceutical companies and related enterprises have also been registered.

Cyber ​ ​ attacks on Russian medical institutions in 2020 increased by 91%

To gain access to the computer networks of medical institutions, in 66% of cases, attackers used social engineering methods like phishing emails. Cybercriminals used hacking directly in 21% of cases. In other cases, attackers either selected data for authorization or exploited web vulnerabilities, Positive Technologies said.

The most common pattern of hacker behavior is a ransom for decrypting data. For medical institutions, equipment malfunctions are critical, so the chance to get the required amount is quite high, "said Ekaterina Kilyusheva (quoted by Izvestia).

Medical facilities are of interest to patient data hunters, she said. Hackers can sell them on the dark web to other criminals or demand a separate ransom from the hospital for non-disclosure. When a celebrity turns out to be hacked among clients, the star can also be blackmailed, he added.

Usage malware is still trending, according to Positive Technologies. In 2020, the number of such attacks increased by 54% compared to 2019.^[11]

2019

Black Market Medical Data Costs More Banking

Medical data on the black market costs more banking. This was reported in December 2019 at Kaspersky Lab.

According to experts, more and more ads will appear on the darknet for the sale of medical data, including from medical records and insurance policies, since such information is considered a valuable resource for attackers. They can use meddata to enter into trust in users, deceive them themselves or their relatives.

According to experts, more and more ads will appear on the darknet for the sale of medical data, including information from medical records or insurance policies.

Access to electronic medical record data may be interesting not only to steal them. For example, hackers can make changes to them in order to carry out targeted attacks and deliberately make it difficult to make diagnoses.

Rise in attacks on healthcare organizations

Kaspersky Lab notes that medical companies are increasingly becoming victims of ransomware. This happens for two main reasons:

• insufficiently serious perception of risks associated with digitalization in the health care industry;
• lack of due attention to the issues of training employees in basic cybersecurity skills.

From the beginning of 2019 to December, every fifth device was attacked in medical organizations around the world. According to Kaspersky Lab forecasts, the number of such attacks will grow, especially in developing countries, where the process of digitalization of such services is just beginning. In particular, there will be more and more targeted attacks using encryption programs that lead to a loss of access to internal data or resources. This is fraught with irregularities in the diagnosis process and even depriving patients of the care that is required immediately.

The study also refers to an increase in the number of attacks on research medical institutions and pharmaceutical companies. So, in 2019, 49% of devices in pharmaceutical companies were attacked.^[12]

CloudMid spy program attacked Russian healthcare organizations

On July 18, 2019, Kaspersky Lab reported that Russian healthcare organizations were faced with targeted cyber espionage.

Kaspersky Lab experts have recorded a series of targeted attacks on Russian healthcare organizations. The incidents occurred in the spring and early summer of 2019, several institutions in the southern regions of Russia became victims of the attackers. As analysts found out, the attackers speak Russian fluently, but are geographically located outside of Russia. The main goal of the attackers was to collect financial data.

The infection of computers in organizations working in the healthcare sector was carried out using the previously unknown spy program CloudMid. The malware was sent by e-mail and disguised as a VPN client of a well-known Russian company. However, this newsletter was not massive: only some organizations in individual regions received mail messages containing a spy program, which indicates the target nature of the attack.

After installation on the system, CloudMid began collecting documents stored on an infected computer. To do this, in particular, the malware took screenshots several times a minute. Kaspersky Lab experts found that attackers collect financial information from infected machines: contracts, referrals for expensive treatment, invoices and other documents that somehow relate to the financial activities of healthcare organizations.

The health sector has begun to interest cyberplayers, including the organizers of complex and covert targeted attacks. The distribution of the CloudMid spy program we discovered is another confirmation of this. In this case, the attacks, although they did not differ in good technical elaboration, were targeted, and the attackers still managed to get what they wanted. That is why healthcare organizations should pay increased attention to cybersecurity issues, in particular, to train employees in threat recognition skills, as well as to use reliable security solutions,

Kaspersky Lab solutions recognize all known samples of the CloudMid spy program and protect users from this threat.

2018: Hackers learn how to change data from implanted medical devices

In August 2018, McAfee Advanced Threat Research security experts demonstrated at a cybersecurity conference how hackers can hack into a medical organization's network and falsify patient data from monitoring devices in real time.

Identifying these vulnerabilities was the first step in reassessing the security of the network protocol used by medical devices. McAfee researcher Douglas McKee spoke to the audience and demonstrated how false vital signs can be presented: in five seconds, he replaced the normal pattern of heart rhythm with isolinia, indicating the death of a conditional patient. It goes without saying that the ultimate goal of this demonstration is to improve device security rather than provide attackers with a new target to attack.

Hackers have learned to falsify patients' vital signs in real time

McKee said that in the absence of proper identification of monitoring devices, they could easily be replaced by a simulator on the network. Most patient monitoring systems consist of at least two main components: a bedside monitor and a central monitoring station.

These devices are connected to a wired or wireless network via TCP/IP ( Internet Protocol). A central monitoring station collects data from multiple bedside monitors so that one doctor can monitor multiple patients. It is the connection between the monitor and the central station that represents the main vulnerability: by hacking it, the researchers were able to download unencrypted data and then change it. By connecting a regular computer to the network instead of a bedside monitor, they were able to falsify the patient's vital signs.

The researchers noted that encrypting network traffic between devices and identifying would dramatically increase the complexity of such an attack.^[13]

2017

Siemens Healthcare Eliminates Clues in PET Scanners

On August 7, 2017, Siemens Healthineers announced a software update for positron emission tomography scanners. The company fixes vulnerabilities that hackers could theoretically exploit to break into this medical equipment. Read more here.

The number of medical institutions affected by hackers in the United States has grown 4 times

The number of American medical institutions affected by hacker attacks has quadrupled. Such data are provided by the U.S health care USA  . Department of Health and Human Services.

As shown in the graph below, from 2010 to 2015 there was a critically dangerous trend for medical institutions: if the number of hospitals and clinics that suffered from cyber attacks grew linearly and was small for five years (8 in 2010 and 30 in 2015), then the number of people served in these medical institutions who could be affected by this problem increased exponentially. In 2015, there were about 5.3 million such patients in the United States against 589.5 thousand a year earlier. In 2010, about 61.7 thousand people suffered from the actions of hackers.

Graph of growth in the number of healthcare facilities and patients potentially affected by hackers in the U.S. between 2010 and 2015, data from the Department of Health and Human Services

Experts attribute the trend of rapid growth in audiences facing cyber attacks to the growing adoption of electronic medical records, an increase in the number of medical equipment and Internet of Things devices connected to hospital networks. In addition, the spread of viruses that interfere with the work of not only computers, but also medical devices affects.

As the AuntMinnie.com website notes, cyber protection of medical imaging equipment is of higher importance than in the case of other medical equipment, since MRI scanners and other similar diagnostic devices store secure medical data and directly interact with electronic medical record and PACS systems. Devices working with medical images are becoming an increasingly attractive target for hackers, as they are the point of access to the most valuable assets of medical institutions.

In radiology, it is customary to deny that medical imaging machines do not need protection. Such a worldview needs to be eradicated, "said Anthony Seibert, Ph.D., professor and deputy head of the Department of Radiological Informatics at the University of California, Davis.[14]

See also

• Information security
• Information security (Russian market)
• Information security in banks
• Information security in the company

Notes