Security News > 2020 > February > Hackers Cashing In On Healthcare Industry Security Weaknesses

SAN FRANCISCO - Cybercriminals are pushing boundaries in looking for new ways to cash in on the healthcare space - whether it is persuading desperate patients to download health information apps that actually infect their devices with malware, attacking hospitals with ransomware attacks or even selling patients fraudulent insurance or medicine on illicit online markets.

Not only is the medical space a treasure trove of personal identifiable information collected from patients, but medical device manufacturers and hospitals lack basic security hygiene, experts say.

Another diabetes app was taking cleartext data and transmitting it to a server in Asia; while still another was serving up adware and attempting to access users' device microphones and GPS. Looking ahead, Lakhani said that hospitals, medical device manufacturers and healthcare systems need to better collaborate on security - especially as hospitals adopt more internet of things devices while failing to ready themselves for the onslaught of security and privacy challenges that come with medical connected devices.

Penny Chase, the information technology and cybersecurity integrator in the Information Technology Technical Center at MITRE, agreed, saying at an RSA session that medical security needs to be a shared responsibility model, between healthcare organizations, medical device manufacturers, clinicians who are operating the systems, and patients.

Specifically, from a medical device perspective that could include steps like addressing security during the design and development of medical devices, voicing manufacturer responsibilities and fostering a "Collaborative and coordinated approach to information sharing and risk assessment."

News URL

https://threatpost.com/hackers-cashing-in-on-healthcare-industry-security-weaknesses/153238/