Programma

News

July 4, 2016

Old malware threatens connected medical equipment

Old malware going by the name of Conficker could become a serious threat for digital medical applications and equipment in the health care sector. The so called Conficker worm First showed its ugly head in 2008. These days it’s no longer seen as a serious threat. It is exactly this lack of urgency that has given the old worm a chance to bury itself deep in networks, opening up these networks for more modern trojans and other forms of malware that can create havoc.

Share this article

According to security company TrapX, the health care sector has become one of the most threatened industries when it comes to malware, cyberattacks et cetera.  It is under attack more these days than are industries such as financials and retailing.

A good example of this threat is a new version of Conficker that is specifically targeting connected medical equipment. The threat is serious, because a lot of connected equipment in for example hospitals have low levels of security, TrapX states in a press release concerning the report Anatomy of an Attack – Medical Device Hijack 2” (MEDJACK 2).

Often these devices push to or receive data from databases (like EHR’s) full of patient information. If they have been infected with malware, cybercriminals can gain access to the patient information. Mostly these days that is the ‘gold’ cybercriminals are after. They have little or no interest in seizing medical equipment in order to hurt patients, though it’s possible ransomware can infect a device, making hospitals pay money if they want to use a device again.

But the patient information – records concerning e.g. someones medical history – is a much bigger source of money these days. This information makes identity theft and fraude possible. Cybercriminals could for example get the costs for expensive medicine reimbursed. And because the level of security is usually lower then when credit card data is concerned, the ratio between costs and benefits is a lot better.

Recently Deloitte research pointed out that hospitals have a long way to go in getting up to speed with securing their connected equipment. Of 24 hospitals surveyed in nine countries, more than have use only standard passwords (default settings) to secure connected equipment.

Share this article

Don't miss the most exciting developments