After an analysis, researchers discovered a lot of devices being used by healthcare facilities are outdated when it comes to the software that they are operating. Running off of legacy software such as Windows 2000 is dangerous, simply based on the fact it stopped receiving security patches almost nine years ago. The researchers who discovered this problem were able to make their way into the system pretty easily and complete tasks like injecting ransomware and altering information. They even had access to patient records and images. With access to these resources, hackers can obtain services, prescriptions and even government benefits or simply sell the information for upwards of $60 on dark web forums. Cyber criminals have been fans of attempting to take data from healthcare facilities for a long time now and the reason is clear–they hold a lot of data. The researchers described this by saying, “Although there are many articles describing the personal danger of cyber-attacks to patients, the financial damage is far more realistic and is what lies at the heart of cyber-attacks on the healthcare industry.” It will be interesting to see if medical practices change their ways and update their systems after the news of these vulnerabilities.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased