Health data security: Ultrasound, MRI reports highly vulnerable to cyber crimes: McAfee
New Delhi: Health related electronic images such as ultrasounds, mammograms and MRIs are highly vulnerable to cyber crime, new research shows, even as the government prepares policies to secure health data of patients.
The Labs Threats Report March 2018 by McAfee, an independent cyber security company revealed that in 2017 the healthcare sector saw a 210% increase in publicly disclosed security incidents over 2016. McAfee Advanced Threat Research experts said that many of the incidents were caused by failure to comply with security best practices or to address vulnerabilities in medical software.
“Because much of the imaging equipment in use by medical facilities does not align with security best practices, acquisition gateways are placed in the network to enable the digital exchange of the images. The amount of old software used in implementations of PACS servers and the amount of vulnerabilities discovered within the software itself are concerning,” the report said.
The report stated that through artificial intelligence (AI) pictures could be studied to determine how long a person will live. Research experts in the report raised doubts that criminals could obtain that information and use it for extortion.
“We understand the need for quickly sharing medical data for diagnosis and treatment and for storing medical images. We advise health care organizations to be careful when sharing images on open directories for research purposes and to at least scrape the personally identifiable information (PII) data from the images that could potentially identify a specific individual,” the researchers in the report said.
The report has also recommended that organizations using PACS should ask their vendors about its security features. “Employ a proper network design in which the sharing systems are properly secured. Think not only about internal security but also about the use of virtual private network (VPNs) and two-factor authentication when connecting with external systems,” the report recommended.
Apart from cyber crimes in healthcare sector, Cryptocurrency mining and ransomware have also been identified as the growing areas for cyber crimes in 2017. According to the report, there was a 59% increase in ransomware year over year in 2017, including 35% growth in Q4 alone. Ransomware is a malware that encrypts content on infected systems and demands payment.
“Cybercriminals often seek to maliciously introduce malware that will either use a victim’s computing power to mine for coins or simply locate and steal the user’s cryptocurrency,” the report said.