The shady group that stole hacking tools from the US Government and leaked them online where they were used to create the global WannaCry malware crisis, claims it will dump more data in June unless it gets paid. But this time, medical devices and patients’ lives could be at greater risk.
In the wake of WannaCry, TheShadowBrokers posted an announcement threatening to release more National Security Agency hacking tools in June, including those that could expose compromised network data from Russian, Chinese, Iranian, or North Korean nuclear and missile programs, as well as vulnerabilities in web browsers, routers and mobile devices.
“In June, TheShadowBrokers is announcing "TheShadowBrokers Data Dump of the Month" service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members,” the statement said.
Richard Staynings, Cisco’s global healthcare cybersecurity expert, said embedded medical devices could be particularly vulnerable to an attack.
“You’re going to see all kinds of other embedded implements attacked. Building management systems, cars, all kinds of machinery. That is a big concern, particularly in the healthcare environment because we have so many embedded systems,” he said.
Healthcare organisations have the opportunity to heed the warning and prepare but have typically been resistant to prioritising cybersecurity.
“Hospital administrators by and large are physicians so they understand medicine, they understand patient care. They’re very, very good at what they do but they don’t necessarily have a good understanding of the cybersecurity risk or IT,” Staynings told Healthcare IT News Australia.
“And consequently we see decisions to spend available cash on a new CT scanner or an X-ray machine or a new outpatient clinic or some other form of highly tangible, highly visible benefit to the community.”
But denial of service attacks can lead to life or death situations when devices such as morphine pumps, telemetry systems and MRI machines are knocked offline.
“There is a direct link between system availability and patient mortality. How many patients have expired while they are waiting for rescheduled surgeries as a result of recent attacks? How many patients’ conditions greatly declined as a result of not receiving timely medical care? These are questions we need to ask,” he said.
“Patients are dying as a result of cyber attack.”
Staynings said he hopes WannaCry will adjust the paradigm.
“Hopefully it’s the wake-up call for senior executives, particularly in the healthcare industry around the world, to understand security really needs to be a priority for them. Not just because of data threat but because of the availability of IT systems, essentially.”
In addition to patching, investments need to be made in threat intelligence, proactive threat hunting and security incident response, Staynings said, and he warned healthcare organisations to underestimate hackers at their peril.
“Hackers are smarter than most people think.”