Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Healthcare technology advances opening up new attack vectors

Joe Green, Head of Systems Engineering-Asia Pacific at Palo Alto Networks | Jan. 8, 2016
A rise in the number of cyberattacks on the healthcare industry in 2015 exposed vulnerabilities and risks that were previously not in the spotlight, says Sean Duca of Palo Alto Networks.

The danger, however, is that security tends to be an afterthought in the development of IoT devices used in healthcare. If this remains the case, the healthcare industry runs of the risk of these devices being compromised by two types of attackers: those interested in profiting (by stealing health data) and those who desire to impact patient safety just because they can.

The healthcare providers who will be least impacted are those who adopt strict security standards for their medical devices and make efforts to reduce risk by segmenting their network-connected medical devices.

Healthcare organisations will begin to move critical applications and infrastructure to the cloud
"Cloud" has been a buzzword in healthcare IT for years now as industry leadership strategises to adopt such technology that has significant opportunities for cost savings, performance and scalability.

2016 will be a transition year for many healthcare organisations that will migrate a portion of their critical infrastructure and applications to the private cloud by the end of the year.

Healthcare providers will begin to deploy certain elements of critical infrastructure to cloud services like Amazon Web Services and virtualise things like Active Directory domain controllers and next-generation firewalls.

Cloud-based file sharing and collaboration sites like Box.com will become more prevalent in the healthcare industry, as users urge leadership to provide an easier method to share data.

Attackers will look to mobile devices as the next best vector into healthcare networks
With Asia Pacific becoming more tech-savvy, the healthcare industry has begun to explore and implement mobile technologies to improve patient care. In a region where the population is ageing rapidly, mobile devices are leading to the consumerisation of healthcare by making services more convenient and accessible.

Mobile devices are already being effectively used for tracking patient information and accessing records, introducing a slew of new risks. Most notably: 1) The ability of these devices to connect to unsecured public Wi-Fi allows eavesdropping, and 2) Normally benign mobile apps can be poisoned with malicious code, such as the recent discovery of XCodeGhost by Palo Alto Networks Unit 42, which allows the attacker to phish passwords and URLs through infected iPhone apps.

Healthcare is already a targeted industry for attackers, and as mobile devices are becoming more integrated into patient care services, it's only a matter of time before they become a popular vector to steal health records.

The best mitigation for the risks outlined in these healthcare cybersecurity predictions is a combination of improving both security processes and security technology. Finally, improving cybersecurity awareness and education amongst healthcare professionals will be key to preventing breaches in the healthcare industry in 2016.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.