Hospitals are at a high risk of cyberattacks, but patients don't realize it:
Information technology experts are worried about increasing rates of ransomware attacks on healthcare organizations. Most patients, though, don't know they're happening, according to a new survey.
Southern Ohio Medical Center, a not-for-profit hospital in Portsmouth, Ohio, canceled appointments for today and is diverting ambulances after it was hit by a cyberattack on Thursday. It's part of a series of escalating attacks on healthcare organizations in the past two years — a trend that could have serious consequences for patient care.
But while information technology experts are well aware that the risk of cyberattacks that compromise patient data and shut down computer systems is on the rise, patients don't seem to be, according to a new report by cybersecurity company Armis. In fact, over 60 percent of people in the general public surveyed in the new report said they hadn't heard of any cyberattacks in healthcare in the past two years.
That's despite a doubling of cyberattacks on healthcare institutions in 2020, high-profile incidents like the attack on hospital chain Universal Health Services, and a major threat from groups using the ransomware Ryuk. The magnitude of attacks during the COVID-19 pandemic shocked experts, who said that ransomware gangs were targeting hospitals more aggressively than they had before. Unlike attacks on banks or schools, which are also common, these attacks have the potential to directly injure people.
(Score: 3, Informative) by MostCynical on Wednesday November 17 2021, @10:42PM (1 child)
Medical equipment with attached PC for control, installed 10 years ago, state-of-the-art multi-million dollar machinery or just an inventory system for the pharmacy... proprietary software not updated since the day it was installed (and now no longer supported)
Fine if this is a stand-alone device - but images, scans, and scripts need to be transferred between devices and the rest of the hospital... so we need 'holes' - shared file storage space, APIs, "transfer modules", and then ... the device is effectively connected to the www...
"chase the sun" diagnosis (sending scans and files to a specialist somewhere else on the planet, who happens to be awake at 2am your local time) is great - but attachments and all that proprietary interface stuff also require more holes in the firewalls... (or Big Doctor needs system to work... and yet another port is opened)
Air-gapping the systems is too hard (even one extra step is resented by medical staff "trying to save lives") - so they will just use a USB thumb drive and move stuff...
fixing humans is hard
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by bzipitidoo on Friday November 19 2021, @04:25AM
One ingredient you all left out, for US hospitals, is HIPAA. HIPAA is the go-to excuse for why a hospital can't do something. Use open source? Might violate HIPAA! Upgrade a system? Not if the new system isn't certified as HIPAA compliant!