Remote Access System Hacking Is No. 1 Patient Safety Risk (healthitsecurity.com)
Hackers attacking healthcare through remote access systems and disrupting operations is the number one patient safety risk, according to the ECRI Institute's annual Top 10 Health Technology Hazards for 2019. From a report: ECRI Institute said it published 50 cybersecurity-related alerts and problem reports in the last 18 months, a major increase over the prior period. "Remote access systems are a common target because they are, by nature, publicly accessible. Intended to meet legitimate business needs, such as allowing off-site clinicians to access clinical data or vendors to troubleshoot systems installed at the facility, remote access systems can be exploited for illegitimate purposes," the report warned.
The ECRI report [PDF] said that once hackers gain access through these systems, they can move around the network, install ransomware, steal or encrypt data, or hijack computer resources for cryptocurrency mining. "The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," said ECRI Health Devices Program Executive Director David Jamison. "In critical situations, this could cause harm or death." The report recommended that healthcare organizations identify, protect, and monitor all remote access systems and points of entry, and adopt cybersecurity best practices, such as a strong password policy, maintaining and patching systems and software, and logging system access.
One time I took a friend to the ER and she wasn't injured and couldn't really represent herself. The nurse who was going to check us in couldn't get the job done because her tablet kept getting a BSOD. All IT systems can go down, but goddamn, wouldn't you think that having Windows in the ER would be beyond "asking for it"? I'm not the biggest fan of AIX, but at least the other ER I took her to could check her in; they used an AIX-based patient system. Unbelievable. I bet they have insecure-as-hell Android and iOS systems handling patient records, too. What's the advantage of that? Nurses can take selfies while the system is down (or being spied on by Russians and Chinese)?