Under Attack: Israeli Cyber Experts Warn Of Large-Scale Healthcare Hacks

By Viva Sarah Press, NoCamels July 04, 2018 6 minutes

A pacemaker insertion surgery. Photo via Pixabay

The healthcare industry is under attack, according to the cyber intelligence community, and dark web black market activity shows hackers are gung-ho on targeting hospitals, medical devices and healthcare systems in order to get their hands on sensitive and personal information.

This is a global epidemic; no country is protected.

In the United States, the US Department of Health and Human Services said 165 cyber incidents were reported to its Office for Civil Rights breach portal since the beginning of the year, affecting 3.2 million people. The largest of these data breaches involved California Department of Developmental Services, which exposed medical records of 582,174 individuals.

In June, reports from Norway suggested a hacker may have stolen healthcare data for half of the country’s population.

“Medical data is very rich with PII (personal identifiable information),” says Leon Lerman, CEO of Cynerio, an Israeli cyber outfit protecting hospitals in Israel and the US from cyber threats. “Unlike credit cards, medical data cannot be canceled and therefore have a longer lifetime for hackers to use the data for identity theft and medical fraud.”

An illustrative photo of Electronic Medical Records program. <a href="https://www.flickr.com/photos/juhansonin/3857845956/in/photolist-apKYMA-FUqrh-EoGEN-atsW6f-5sZGsV-HDyZ4-5h5xuu-5TULVh-6SUtcs-atsVno-atsWaW-27zzzij-aptNNS-YesBje-FUqhE-rh2T7X-rgYzC1-atqgAt-atsVGN-YDt7Y7-atqgzc-atqgGg-6KZpn7-8z1aPW-YBTDY1-reGFyY-atqggk-Xp2RC7-atqfT8-rgTJP6-YiBaj1-qkeyJD-rgU9w6-rh19ue-qZzDvF-Gw3PWj-zMAiCe-ZUSbhv-qZtVM1-atsVWA-ri6YtA-qZtvWo-rh2G4p-rkMhBf-27zzuD9-YHXXic-zwG1XH-rocW1A-Pawt75-27zzsf1" target="_blank" rel="noopener">Photo by Juhan Sonin</a> via Flickr, CC BY 2.0

An illustrative photo of a program for Electronic Medical Records (EMRs). Photo by Juhan Sonin via Flickr, CC BY 2.0

Indeed, medical data is deemed a high-value product – prime for identity theft and insurance fraud – on darknet forums and there’s a rising demand of such data.

“The more confidential and sensitive, the more valuable,” says Gilad Israeli, a Sixgill cyber intelligence analyst. “Fraudsters are looking for the most sensitive data because it is more valuable, and they can ask for more money. If they offer super hard-to-get medical device ID or a way to hack it, it means they are very good at what they’re doing and it heightens their reputation. And, reputation means money in the longer term.”

According to a 2017 Sixgill Threat Report, healthcare breaches were the second highest of any industry, right after the business sector, but also logged the biggest increase from year to year — 30.7 percent of the data breaches in 2017 versus 22.6 percent in 2016.

Medical devices tempt hackers

From MRI machines to pacemakers, insulin pumps to X-rays, healthcare administration systems to medical practice files are all rife with personal information that is easy to access.

“The problem is that the whole healthcare industry is not aware enough of the dangers. Medical devices and systems are easily hackable and hackers, hactavists and threat actors are more and more interested in the knowhow of how to shut down medical devices, how to hack hospitals and medical centers,” Israeli tells NoCamels.

A CT scan. Photo via Pixabay

The healthcare ecosystem is still slow on addressing known vulnerabilities, updating software, stopping password sharing. In other words, the laxness in securing connected devices and systems makes healthcare the perfect target.

“You can see medical devices with the simplest user and password: admin and admin. This is the ABC of what not to do in today’s cybersecurity atmosphere. I wouldn’t be surprised if in the near future we’ll see more and more data breaches of medical records,” says Israeli.

Indeed, global data breaches happen daily. But the healthcare industry, in particular, is at risk because of the vast number of devices needing to be secured.

Earlier this year, Malware Lab researchers at Ben-Gurion University of the Negev demonstrated the relative ease of exploiting unpatched medical devices, such as CT and MRI machines, which do not always receive ongoing security updates.

The researchers showed how an attacker can compromise the computer that controls the CT device causing the CT to emit high rates of radiation, which can harm the patient and cause severe damage. They also said attackers can block access to medical imaging devices (MID) or disable them altogether as part of a ransom attack, which has already occurred worldwide.

“CTs and MRI systems are not well-designed to thwart attacks,” Dr. Nir Nissim, head of the Malware Lab at BGU’s Cyber Security Research Center, said in a statement. “The MID development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable.”

An MRI machine. Photo via Pixabay

But it’s not all doom and gloom. Cybersecurity outfits are tweaking their algorithms to keep the health sector safe from hackers.

Sign up for our free weekly newsletter

In Israel, Tel Aviv Sourasky Medical Center and Rambam Healthcare Campus recently announced an agreement with Cynerio to protect its medical device ecosystem from data breaches and other cyber threats. While both medical facilities already had cybersecurity in place for hospital networks, the new agreement specifically safeguards medical devices.

“The hospital became aware that there is a large and growing number of connected medical devices in its ecosystem which could become vulnerable to cyberattacks, which was a concern due to the sensitive and valuable patient data it handles. Most of the devices used in healthcare’s clinical environment are outside the scope and capability of traditional IT security technologies, which elevated the issue to a critical threat. The hospital sought a technology that could show what’s happening in the medical device ecosystem, how many devices could be affected and also help to protect them,” Eyal Kellner, CTO of Rambam Hospital, said in a press statement.

“We are working with most of the hospitals in Israel, and leading US health systems, to secure their weakest link – the connected medical device which can be used as a hidden gateway by hackers to the patient data,” Cynerio’s Lerman tells NoCamels.

“Protecting medical devices is important but it’s just part of the challenge. There is an entire ecosystem supporting these devices which includes gateways such as medical imaging picture archiving and communication systems, nurses stations, clinical servers, DICOM printers and middleware, that is also vulnerable and needs protection,” says Lerman.

WannaCry, Orangeworm put morals to the test

In 2017, the global WannaCry ransomware attack crippled hospitals and left them unable to access digital medical records. The attack also impacted the quality of care provided to patients.

“When it comes to hospitals or medical practices or healthcare companies, ransomware is a very good way to shut down medical services which are in some cases lifesaving. Ransomware is a good way to make easy money because when it comes to lifesaving infrastructure and medical devices, they know they’ll be able to ask for money in a quicker way and know they’ll get it faster,” says Israeli.

An illustrative photo of a pacemaker. Photo via Pixabay

Morals and ethics aren’t strong on the dark web. This under-the-radar marketplace is a haven for cyber criminals to plan and execute their crimes and because it is an anonymous platform where society’s regular rules do not apply, Israeli says, the combination of smart people, bad guys and well-paying customers tends to lead to shrewder crimes.

“We do see people talking about morals on the dark web but they don’t really go farther into it. In the short term, they look for the profit and reputation,” says Israeli.

The current threat on global healthcare is Orangeworm. Symantec identified this new attack group earlier this year, and showed how it’s targeting the healthcare sector and related industries.

While Israeli healthcare hasn’t suffered Orangeworm’s attacks yet, Lerman and Israeli say that even with top cybersecurity measures in place, every country is a likely target.

“Many of these attacks are targeting old and unpatched systems which every hospital has, with Israeli hospitals being no exception to that. As happened with WannaCry – which also affected some Israeli medical facilities,” says Lerman.

“It is safe to say that as more threat-actors develop their skills of harming the healthcare sector, Israel will face a higher probability of experiencing a cyber attack against its medical institutions during global hacktivist events such as OpIsrael,” says Israeli.

And while the silver lining is that more cybersecurity companies are focusing on the healthcare sector, says Israeli, the overall picture is still rather bleak.

“Hacking medical devices and shutting down medical systems is a very easy way for terrorists to take action,” says Israeli. “In the longer term, I can see terrorists or any other hacktivists that don’t really care about people’s lives, take it into action, because this is what they want. They want to shut down medical institutions in order to harm communities.”

Viva Sarah Press is a journalist and speaker. She writes and talks about the creativity and innovation taking place in Israel and beyond. www.vivaspress.com