FBI: cybercriminals are unleashing a major ransomware assault against the U.S. healthcare system
https://apnews.com/article/politics-crime-elections-presidential-elections-548634f03e71a830811d291401651610
Federal agencies warned that cybercriminals are unleashing a major ransomware assault against the U.S. healthcare system. Independent security experts say it has already hobbled at least four U.S. hospitals this month, and could potentially impact hundreds more.
In a joint alert Wednesday, the FBI and two federal agencies warned that they had credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. They said malicious cyber actors are targeting the sector with ransomware that could lead to data theft and disruption of healthcare services.
The attacks coincide with the U.S. presidential election, but do not appear to have any connection to it. "We are experiencing the most significant cyber security threat we've ever seen in the United States," Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement. He's concerned that the group may deploy malware to hundreds of hospitals over the next few weeks.
Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. Administrative problems caused by ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up, could further stress hospitals burdened by a nationwide spike in COVID-19 cases.
FBI: cybercriminals are unleashing a major ransomware assault against the U.S. healthcare system (Original Post)
Mrs. Overall
Oct 2020
OP
CousinIT (9,241 posts)
1. Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone
https://www.securityweek.com/exclusive-medical-records-35-million-us-patients-can-be-accessed-and-manipulated-anyone
More Than 2 Petabytes of Unprotected Medical Data Found on Picture Archiving and Communication System (PACS) Servers
The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned. This is despite the third week of this year's National Cybersecurity Awareness Month (week beginning 19 October 2020) majoring on 'Securing Internet-Connected Devices in Healthcare'.
The details were disclosed to SecurityWeek by Dirk Schrader, global vice president at New Net Technologies (NNT -- a security and compliance software firm headquartered in Naples, Florida). He demonstrated that the records can be accessed via an app that can be downloaded from the internet by anyone. The records found are in files that are still actively updated, and provide three separate threats: personal identity theft (including the more valuable medical identity theft), personal extortion, and healthcare company breaches.
Schrader examined a range of radiology systems that include an image archive system -- PACS, or picture archiving and communication system. These contain not only imagery but metadata about individual patients. The metadata includes the name, date of birth, date and reason for the medical examination, and more. Within a hospital, the imaging systems (X-rays, MRIs etc) are also stored in the PACS. The treating physician needs ready access to the images to confirm the current treatment. Schrader simply used Shodan to locate systems using the DICOM medical protocol. Individual unprotected PACS systems within the return of 3,000 servers were located manually. One, for example, contained the results of over 800,000 medical examinations, probably relating to about 250,000 different patients.
Although unprotected servers were found manually by Schrader, he chose this route to demonstrate that no hacking skills are required in this process. An attacker could have written a script to separate the protected from the unprotected servers in a fraction of the time. In total, he had access to more than 2 petabytes of medical data. . . .
The level of detail on individuals includes names and sometimes social security numbers -- potentially allowing identity theft. The type and result of the medical examination is also included, allowing an attacker to collect details on patients who have proved COVID or HIV positive, or had a mastectomy procedure -- potentially allowing personal extortion. In some cases, active folders can be accessed -- and updated -- by an attacker simply through a browser. If these folders are updated with a weaponized PDF or JPG, then the attacker has a potential route to deliver malware and ultimately ransomware to the healthcare institution concerned. Where a physician is using the content of the PACS server to check on a patient's current treatment, and downloads a weaponized file, he or she could potentially open a route for malware to infect the institution, ultimately leading to a major ransomware attack.