Cyberattacks in the health care sector are dramatically increasing. The last Threats Report from McAfee Labs reveals that in 2017 the health care sector experienced a 211% increase in publicly disclosed security incidents compared with 2016, with 267 publicly reported incidents. The reason for this increase seems to be clear: hackers gain an average of $50 for each health records stolen and then sold, and hospitals are inclined to pay in case of ransomware attacks to avoid the block of computer systems.
In analyzing the attacks, McAfee Advanced Threat Research experts concluded that many of the incidents were caused by failures to comply with security best practices or to address vulnerabilities in medical software.
“When we began our investigation into the security status of medical imaging systems, we never expected we would conclude by reconstructing body parts” Christiaan Beek, lead scientist of McAfee Office said. “The amount of old software used in implementations of PACS servers and the amount of vulnerabilities discovered within the software itself are concerning. We investigated relatively few open-source vendors, but it begs the question: What more could we have found if we had access to professional hardware and software?”.
The research of McAfee Labs demonstrates that default accounts, cross-site scripting, or vulnerabilities in the web server could lead to access to the systems; and, once inside, the data and pictures can be permanently altered.
About McAfee Labs
McAfee Labs, led by McAfee Advanced Threat Research, is one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threats vectors — file, web, message, and network — McAfee Labs and McAfee Advanced Threat Research deliver real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.