(L-R) Jesmond Chang, Head of Corporate Communications, APAC, Kaspersky; Denis Makrushin, Security Architect at Ingram Micro;  Yury Namestnikov, Head of Global Research and Analysis Team (GReAT) Russia at Kaspersky; and Vitaly Kamluk, Director, GReAT APAC, Kaspersky

 

Amongst the countries which logged the most number of attacks are Pakistan (54%), Egypt (53%), Mexico (47%), Indonesia (46%), and Spain (45%). Four more countries from the Asia Pacific region cap off the top 15 nations with the highest percent of devices infected. These include India, Bangladesh, Hong Kong, and Malaysia with more or less 4-in-10 machines with detected malicious attempts.

 

“While it is a known fact that money-hungry cybercriminals can easily earn by attacking banks, we also observe that these hackers as well as cyberespionage groups are slowly paying a lot of attention towards the industry of advanced medicine,” says Yury Namestnikov, Head of Global Research and Analysis Team (GReAT) Russia at Kaspersky.

 

“They are slowly realizing that pharmaceutical companies house a treasure trove of highly valuable data such as the latest drugs and vaccines, the newest researches, as well as medical secrets. The rise of internet-connected operational technology (OT) inside these pharmaceuticals also contributes to the widening attack surface inside this sector,” comments Namestnikov.

 

Among the Advanced Persistent Threat (APT) groups which have been waging sophisticated spying over pharmaceuticals globally include Cloud Atlas and APT10 also known as MenuPass.

 

“Based on our monitoring of several APT actors’ movements in the Asia Pacific and globally, we figured that these groups infect servers and exfiltrate data from pharmaceutical companies. Their attack techniques and behaviour also prove that these attackers’ apparent goal is to get their hands on intellectual properties related to the latest medical formulas and research results as well as the business plans of their victims,” adds Namestnikov.

 

Vulnerabilities in open source EMR-systems and its dangers

 

In his own research, Denis Makrushin, Security Architect at Ingram Micro, revealed the risks that come along with the steady migration of hospitals from paper-based data storage to electronic medical record (EMR) systems. Makrushin further notes that healthcare organizations, scrambling to digitize their data storage, see open source EMR web-portals as an easy and quick option, despite their known security challenges.

 

“We are seeing lesser printed or hand-written medical books inside hospitals and clinics worldwide with the advent of open source. Given their limited internal IT workforce, healthcare institutions opt to use convenient services such as OpenEMR, OpenMRS or similar web applications. This technology’s rapid adoption triggers the rise of the threats against this widely-used services,” says Makrushin,

 

OpenEMR and OpenMRS are open platforms for medical practice management. Any organization can use this product for business without any restrictions. The source code of this product is also available for any developer. In addition, this software has certifications from trusted organizations (for example OpenEMR is ONC Complete Ambulatory HER certified).

 

“Their free and open nature make these EMR-applications highly sensitive to cyberattacks. There have been a lot of security patches released as researchers unmask one exploit after another. I, myself, have discovered vulnerabilities in these applications, hackers can inject malicious code at the initial stage of registration, and portray himself as a patient. From this, malicious actors can infect the portal’s page and collect medical information from all users of the portal, including doctors and admins. These data can be easily exfiltrated,” he adds.

 

To securely use this platform, Makrushin suggests healthcare facilities to:

 

  • Conduct secure software development lifecycle (Secure SDLC)
    • Regularly perform architecture analysis, conduct penetration testing, security code review on systems being use
  • Control the attack surface
    • Periodically update your installed software and remove unwanted applications
    • Try to remove all exposure nodes that process medical data
  • Raise security awareness for every person involved
    • Conduct regular cybersecurity awareness training for all staff and even patients

RECOMMENDED ARTICLE FOR TECHWORLD


 
Almost Every Second Industrial Computer Was Subjected to Malicious Cyber Activity in 2018
Techworld Date Posted: 24 April 2019 4:23 PM | 175 Views
In 2018, Kaspersky Lab detected and prevented activity by malicious objects on almost half of Industrial Control System (ICS) computers protected by the company’s products and defined as part of an organization’s industrial infrastructure..... See More
 
Almost Every Second Industrial Computer Was Subjected to Malicious Cyber Activity in 2018
Techworld Date Posted: 4:23 PM | 175 Views
In 2018, Kaspersky Lab detected and prevented activity by malicious objects on almost half of Industrial Control System (ICS) computers protected by the company’s products and defined as part of an organization’s industrial infrastructure....See More

 
Nokia Unites with JUSTICE LEAGUE to Power Up #Bothie Experience
Techworld Date Posted: 17 November 2017 11:47 AM | 174 Views
Philippines, 17 November 2017 – HMD Global, the home of Nokia phones, unites with the blockbuster film JUSTICE LEAGUE to power up its range of Android smartphones - the Nokia 3, 5, and 6,.... See More
 
Nokia Unites with JUSTICE LEAGUE to Power Up #Bothie Experience
Techworld Date Posted: 11:47 AM | 174 Views
Philippines, 17 November 2017 – HMD Global, the home of Nokia phones, unites with the blockbuster film JUSTICE LEAGUE to power up its range of Android smartphones - the Nokia 3, 5, and 6,...See More

 
Transcend®’s DrivePro 550 Dashcam Provides Added Protection with Its Dual Lenses
Techworld Date Posted: 27 June 2018 1:17 PM | 827 Views
Transcend® Information, Inc. (Transcend®), a leading manufacturer of storage and multimedia products, is proud to announce the release of the DrivePro 550 Dashcam. Featuring a dual lens camera and a large viewing angle, the.... See More
 
Transcend®’s DrivePro 550 Dashcam Provides Added Protection with Its Dual Lenses
Techworld Date Posted: 1:17 PM | 827 Views
Transcend® Information, Inc. (Transcend®), a leading manufacturer of storage and multimedia products, is proud to announce the release of the DrivePro 550 Dashcam. Featuring a dual lens camera and a large viewing angle, the...See More

 
Are Data Breaches Stressing You Out?
Techworld Date Posted: 12 July 2018 1:11 PM | 143 Views
Common wisdom holds that the most stressful things a person might face in life are moving house, getting fired, or going through a divorce. In the grand scheme of things, stress caused by data.... See More
 
Are Data Breaches Stressing You Out?
Techworld Date Posted: 1:11 PM | 143 Views
Common wisdom holds that the most stressful things a person might face in life are moving house, getting fired, or going through a divorce. In the grand scheme of things, stress caused by data...See More

 
Social exposure: examining the underlying insecurities in the future of robotics
Techworld Date Posted: 24 October 2019 8:53 AM | 262 Views
Social exposure: examining the underlying insecurities in the future of robotics. See More
 
Social exposure: examining the underlying insecurities in the future of robotics
Techworld Date Posted: 8:53 AM | 262 Views
Social exposure: examining the underlying insecurities in the future of roboticsSee More

 
Stranger Danger A Third of Consumers Would Sell Their Private Data to Someone They Don’t Know
Techworld Date Posted: 24 April 2019 4:39 PM | 180 Views
Reckless data sharing online for short-term gains is leaving consumers exposed to more than they bargained for, according to new research from Kaspersky Lab1. Despite outrage and worry around high profile data sharing scandals,.... See More
 
Stranger Danger A Third of Consumers Would Sell Their Private Data to Someone They Don’t Know
Techworld Date Posted: 4:39 PM | 180 Views
Reckless data sharing online for short-term gains is leaving consumers exposed to more than they bargained for, according to new research from Kaspersky Lab1. Despite outrage and worry around high profile data sharing scandals,...See More

 
Digital Transformation (DX) Leads the Philippines Outsourcing Market to Hit US$500 Million by 2021
Techworld Date Posted: 24 August 2017 10:16 AM | 616 Views
The total outsourcing services spending in the Philippines is expected to exceed US$500 million by 2021, according to the latest forecast from theIDC APeJ Semiannual Services Tracker. Enterprises' Digital Transformation (DX) initiatives, as well.... See More
 
Digital Transformation (DX) Leads the Philippines Outsourcing Market to Hit US$500 Million by 2021
Techworld Date Posted: 10:16 AM | 616 Views
The total outsourcing services spending in the Philippines is expected to exceed US$500 million by 2021, according to the latest forecast from theIDC APeJ Semiannual Services Tracker. Enterprises' Digital Transformation (DX) initiatives, as well...See More

 
Take Your Vlogging Passion to the Next Level with Smart Play: Vlogger Camp!
Techworld Date Posted: 9 August 2019 9:10 AM | 303 Views
Take Your Vlogging Passion to the Next Level with Smart Play: Vlogger Camp!. See More
 
Take Your Vlogging Passion to the Next Level with Smart Play: Vlogger Camp!
Techworld Date Posted: 9:10 AM | 303 Views
Take Your Vlogging Passion to the Next Level with Smart Play: Vlogger Camp!See More

 
Personal Devices at Work
Techworld Date Posted: 15 August 2019 9:27 AM | 328 Views
Personal Devices at Work. See More
 
Personal Devices at Work
Techworld Date Posted: 9:27 AM | 328 Views
Personal Devices at WorkSee More

 
Realme Holds Biggest Flash Sale to Date at Shopee Brand Day
Techworld Date Posted: 9 August 2019 6:10 PM | 253 Views
Realme Holds Biggest Flash Sale to Date at Shopee Brand Day. See More
 
Realme Holds Biggest Flash Sale to Date at Shopee Brand Day
Techworld Date Posted: 6:10 PM | 253 Views
Realme Holds Biggest Flash Sale to Date at Shopee Brand DaySee More


Power by

Download Free AZ | Free Wordpress Themes