Networks and Internet-connected devices in hospitals, insurance companies, and pharmaceutical companies are being routinely infiltrated by sophisticated cyberattacks, according to a report released by Norse and SANS on Feb. 19.
Technological advancement means that almost all software, applications, systems, and devices are connected to the Internet. This reality provides opportunity for cyberattacks, which are moving to the medical realm.
The report found that 375 healthcare organizations in the U.S. have been compromised between September 2012 and October 2013. Many of these companies are still compromised because they are unaware of the attacks.
Beyond obtaining patient files and information, attackers have been able to access radiology imaging software, conferencing systems, printers, firewalls, Web cameras, and mail servers.
Oftentimes, basic security measures have not been taken by healthcare organizations. Many utilize default firewall settings, protect outlets with simple passwords, and sometimes use the same password for everything.
“With new forms of health care taking hold, and more open exchanges of health care information between patients, insurers, doctors and pharmacists, these threats will only increase. The time to act is yesterday. Organizations must become aware of the many attack surfaces in their organizations and follow best practices for configuring these systems and monitoring them for abuse,” concluded the report.