Skip to main content

Featured

How Cybercriminals Attack the Internet of Things

The proliferation of the Internet of Things (IoT) devices is transforming entire industries requiring all of us to rely on the products they market.  According to a Gartner analysis, an estimated 20.4 billion IoT devices will be connected by the year 2020. This staggering number is making it far easier than ever for cybercriminals to execute an attack.
Cybercrime as a Business
Today, Cybercrime is a business and is ruthlessly dangerous attacking a wide spectrum of devices from medical, to household thermostats, smart appliances, and every type imaginable connected to the Internet. The illicit business operates around the clock but typically attacks victims during unsuspecting hours. They measure their cost/benefit to mainly generate revenue by selectively attacking them during off-hours. Their tools of choice are custom built and unleashed against a specific class of IoT devices. Malware is commonly acquired online then modified to exploit their victims.

There are many examples such as…

The CISO’s Guide to Minimizing Health Care Security Risks


In an ever-changing, dynamic threat landscape, a chief information security officer (CISO) in the healthcare sector must have knowledge in multiple areas and understand that data breaches have severe repercussions that affect employees, patients and the organization at large. To respond effectively to health care security risks, a CISO must possess well-rounded experience in several areas that go beyond privacy and security.

Health Care Security Risks on the Rise

Cybercriminals often target healthcare organizations because they are notoriously vulnerable to identity theft. Personal health information (PHI) is lucrative, and fraudsters relentlessly attack networks, systems, and applications that have been misconfigured or poorly maintained. These threats can pose life-or-death situations if they target heart monitors, intravenous pumps or other hospital devices that can be disabled or altered.

Threat actors have also been known to inject fraudulent data or otherwise falsify patients’ health records. They might modify a file to show, for example, that a patient has a serious condition from which he or she does not suffer, or that the patient requires medication that could be dangerous.
Ransomware is one of the most dangerous threats to health care security because it can disable workstations, medical devices, and critical record-keeping systems. Hospital employees are often too busy to apply patches and update applications, and workstations are typically operated by several different clinical staff members, all of whom are more focused on patient care than data security. This environment creates a virtually unlimited number of attack vectors for threat actors to exploit.
Most of these healthcare security challenges can be attributed to a lack of awareness. According to the Harvard Business Review, the medical industry has been slow to adopt effective strategies to protect medical data stored on stolen or lost mobile devices. As a result, many healthcare workers are ignorant of security risks that threaten the integrity of patient data.





The increasing use of connected medical devices in-home care and other medical services further complicates security. If compromised, these devices can potentially lead to widespread attacks and directly impact the individual’s physical well-being. Additionally, health care professionals may take medical data off the grid when they use personal devices to increase productivity.

Mitigating Threats to Health Care Security

To combat these healthcare security risks, the CISO must develop a holistic approach to security. The security leader should take a page out of the financial industry’s incident response playbook, which calls for a focus on information sharing, stronger authentication and education about cybersecurity risks.

Security professionals should also ensure that the organization’s security program is compliant with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), which continually update as new cybercriminal tactics targeting healthcare data emerge.

Of course, one of the most basic data security tactics is encryption. Healthcare security leaders should invest in robust encryption solutions and restrict privileges to employees who must access sensitive data to perform their jobs. The same goes for third-party vendors. Other effective healthcare security measures include multifactor or biometric authentication on workstations and mobile devices, chip cards to streamline patient identification and blockchain to verify recorded transactions between multiple parties.

The CISO is responsible for protecting patients’ health data, which requires collaboration across the organization and with business partners such as vendors and insurers. For the common good of the healthcare industry at large — which includes individual practitioners, third parties and, most importantly, patients — all healthcare organizations must invest in solutions and strategies to protect PHI and manage risks to critical systems.

Comments