Un virus complètement différent
Un bref aperçu de la bataille en cours pour endiguer la vague de cyber-incursion dans le secteur de la santé.
In addition to subversive hacking in the business world, where private information can be compromised and sensitive company data absconded with, cybersecurity measures are now employed to negate the effects of hacking by foreign entities, used a political weapon. It is an increasingly serious global problem, and one that has necessitated the implementation of advanced cybersecurity methodologies to counteract the increasingly sophisticated capabilities of hackers to subvert these very systems.
“In recent years, cybersecurity has been a growing concern in healthcare, with high-profile cyber-attacks and vulnerabilities causing disruptions for insurers, hospitals, and medical device makers. The stakes for patients are high too as patient data could be lost or tampered with, hospital services interrupted, or patients harmed through attacks targeting specific devices … “ 1
Intervention du gouvernement pour lutter contre la cybercriminalité
The rapid digitization of the healthcare industry makes this sector particularly vulnerable to cyber attack, and this fact has not been lost on the US Congress. The House Energy and Commerce Committee recently convened to address cybersecurity in the health sector. Information Sharing and Analysis Centers (ISACS) may be key in providing enhanced security for healthcare providers and in thwarting efforts of would-be cyber attackers.
Through the interactive efforts of the 24 organizations that comprise the National Council of ISACs (NCI), great efforts are being made to “maximize information flow across the private sector critical infrastructures and with government. Critical infrastructure sectors and subsectors that do not have ISACs are invited to contact the NCI to learn how they can participate in NCI activities.”2
It is, of course, a Herculean undertaking to strengthen the partnership between public and private entities in healthcare with regard to cybersecurity, considering the myriad industries and agencies of government that are responsible for regulating and delivering said healthcare. Congress has been encouraged to provide tax breaks and other incentives to prompt companies to get involved with the ongoing effort of ISACs.
Une faible participation entrave la mise en œuvre de la cybersécurité
Unfortunately, poor participation rates among healthcare facilities have been a persistent problem in the ongoing efforts to implement effective cybersecurity measures across the sector. According to Terry Rice, vice president of IT risk management and chief information security officer at Merck, “companies may be hesitant to share information within an ISAC if they fear the information will not remain confidential to its members.”3
“I think the most shocking statistic was really the fact that 40% of the individuals at the top of an organization–executives like CEOs and CIOs, and even board members–didn’t feel personally responsible for cybersecurity or protecting the customer data.” Dave Damato, Chief Security Officer at Tanium, on CNBC’s Squawk Box, parlant de la cybersécurité dans le secteur de la santé 13
Le coût élevé de la cybercriminalité dans le secteur de la santé
Aside from the obvious threat of compromised patient information and other incidents of data theft, failures of cybersecurity are incredibly expensive, to the tune of $6.2 billion annually, according to a 2016 research project conducted by the Poneman Institute. Insights revealed in their studies revealed that “nearly 90 percent of the healthcare organizations … had endured a data breach during the previous two years. Forty-five percent had more than five data breaches in that period, with the average cost of a cyber attack totaling $2.2 million. The data contained in electronic health records (EHRs) is often cited as the reason healthcare is such an attractive target in the eyes of a hacker.”4
As secure as people like to believe their health information is in the possession of their doctor’s office or hospital, it is often not the case. The ongoing digitization of health records has been an expensive proposition for the healthcare industry. Securing all that information is another monumental expense, and sometimes this part of the cybersecurity equation has been neglected in the interest of cost-savings, or just by the large-scale nature of the overall endeavor.
La nature lucrative du cybervol dans le secteur de la santé
Of course, health records are a hot commodity on the black market, and they can fetch top dollar from parties seeking to obtain personal information, billing addresses, and credit card numbers. Hacking can be a very lucrative enterprise, indeed. Consider this example. “Hackers made off with more than 2.2 million patient records from Fort Myers, Florida-based 21st Century Oncology in March of 2016. A month later, someone stole a laptop with 205,748 unsecured patient records on it from Premier Healthcare, LLC.” 5
L'avènement des ransomwares
Ransomware est un nouveau terme pour la plupart des gens, se familiarisant avec les récentes attaques WannaCry déclenchées à l'échelle mondiale, paralysant les systèmes d'infrastructures critiques et obtenant d'importantes rançons financières de la part de ceux qui ont été victimes de l'anxiété et de la perte potentielle de données caractéristiques de telles attaques. Le secteur de la santé en particulier est particulièrement vulnérable aux incursions de ransomwares.
« Les hôpitaux sont la cible idéale pour ce type d’extorsion, car ils fournissent des soins intensifs et s’appuient sur des informations à jour provenant des dossiers des patients. Sans un accès rapide aux antécédents médicamenteux, aux directives chirurgicales et à d’autres informations, les soins aux patients peuvent être retardés ou interrompus, ce qui rend les hôpitaux plus susceptibles de payer une rançon plutôt que de risquer des retards pouvant entraîner la mort et des poursuites. 6
Ransomware malware, in effect, locks up a computer and makes data inaccessible unless a ransom is paid to the perpetrator. Usually, this payment is made in the form of Bitcoin. In most instances, a time limit is established for the ransom to be paid, otherwise the computers data will be destroyed. Though most stricken parties don’t pay the ransom, enough do to make it a particularly lucrative criminal enterprise.
The healthcare industry has been vulnerable to ransomware attacks because, surprisingly, many hospitals have taken inadequate steps to prevent cybersecurity breeches. Instead, most hospitals have focused their primary concern on meeting HIPAA compliance and meeting federal guidelines to ensure the security of patient information. Ultimately, most employees in healthcare are simply not trained well enough to recognize and thwart cyber attacks before they occur. Even when adequate training and cybersecurity measures are in place, it is a continuous challenge to outwit perpetrators who constantly remain one step ahead of the game.
Les appareils IoT sont également menacés
To add a layer of seriousness to the present situation, cyber attacks can affect not only computers, but devices that are connected to them, as well. Medical tools, heart and glucose monitors are but a few examples of devices vulnerable to cyber attack. Vice-President Dick Cheney famously demanded that his pacemaker be made safe from cyber attack, lest those with ill-intent not manipulate the function of his device remotely. Quite frankly, interference with such devices can be deadly for the patients who depend on them to live.
À titre d'exemple de piratage médical : « Dans un exploit actuellement utilisé, connu sous le nom de MedJack, les attaquants injectent des logiciels malveillants dans des dispositifs médicaux pour ensuite se propager sur un réseau. Les données médicales découvertes lors de ce type d’attaques peuvent être utilisées à des fins de fraude fiscale ou d’usurpation d’identité, et peuvent même être utilisées pour suivre les prescriptions actives de médicaments, permettant aux pirates informatiques de commander des médicaments en ligne pour ensuite les revendre sur le dark web. 7
"No patients have, as far as I know, been killed due to a hacked pacemaker, but patients have been killed due to malfunction[s] of their medical devices, configuration errors, and software bugs. This means that security research in the form of pre-emptive hacking, followed by coordinated vulnerability disclosure and vendor fixes, can help save human lives.» Marie Moe, chercheuse en sécurité au SINTEF, dans «Allez-y, hackers. Briser mon coeur» (Filaire)13
La FCC a maintenant suggéré que les fournisseurs IoT de dispositifs médicaux intègrent des mesures de sécurité dans les produits qu'ils fabriquent ; le mot clé y étant suggéré. En fait, instaurer des pratiques et des exigences de sécurité obligatoires pour ces fabricants prend du temps. En outre, les réseaux chargés de relayer les données entre les appareils et les bases de données ont également un besoin critique de mise en œuvre et de surveillance de la cybersécurité.
Un nouveau président, un nouvel ordre
There was much speculation as to how the Trump administration would address issues of cybersecurity. On May 11, 2017, the president signed an executive order that mandated a review of the nation’s overall abilities to combat criminal cyber-activity. The order places the brunt of responsibility concerning cybersecurity on federal agencies which were to do risk assessments and turn in their respective reports within 90 days. Additional reports examining critical infrastructure risks were due six months after the president’s order was issued.
« L'ordonnance appelle à une révision de la menace posée par les botnets, qui ciblent les sites Web dont le trafic de spam est généré automatiquement. Le Botnet Mirai a été responsable d’importantes pannes d’Internet l’année dernière. Mais Access Now affirme que l'ordonnance devrait également aborder le processus gouvernemental de divulgation des vulnérabilités et sa réponse aux violations de données.
There is no overall preventative measure or measure that can eliminate the risk of cyber attacks. Rather, hospitals, clinics, and private practices can only hope to work together and manage the continuous risks in the interest of protecting the private information and the general safety of their patients. Concurrently, continuous technological advancements will hopefully address the vulnerability of medical devices and computer networks.
Cet effort visant à freiner les effets potentiellement désastreux de la cybercriminalité dans le secteur de la santé et au-delà s’étend bien au-delà des États-Unis. Un effort mondial est actuellement en cours pour endiguer la vague de cyberattaques dans le monde, ou du moins pour minimiser l'impact de ce qui semble être un effort incessant de la part des cybercriminels pour infiltrer les systèmes de santé, faire des ravages et extorquer autant que possible. , à des fins néfastes.
Motivations politiques des cyberattaques
With the hostile political climate that exists between North Korea and virtually every other country in the civilized world, it is not surprising that the rogue nation has been cited as a probably offender in the recent WannaCry ransomware attacks, and other ill-willed endeavors undertaken for political reasons and for the purposes of financial extortion.
« Des chercheurs en cybersécurité ont trouvé des indices techniques qui, selon eux, pourraient relier la Corée du Nord à la cyberattaque mondiale « ransomware » WannaCry qui… infecté plus de 300 000 machines dans 150 pays. Symantec and Kaspersky Lab said … some code in an earlier version of le logiciel WannaCry étaient également apparus dans des programmes utilisés par le groupe Lazarus, que les chercheurs de nombreuses entreprises ont identifié comme une opération de piratage informatique dirigée par la Corée du Nord. 10
Tous les experts ne pensent pas que l’attaque du ransomware WannaCry ait été motivée par des raisons financières. Certains, comme Matthew Hickey du cyber-consultant britannique Hacker House, estiment que les auteurs espéraient simplement « causer le plus de dégâts possible ». Cela a certainement été le cas dans les pays les plus touchés par l’attaque, notamment l’Inde, Taiwan, l’Ukraine et la Russie.
Certains, comme le dirigeant russe Vladimir Poutine, ont blâmé la NSA pour ce qu’il prétend être son rôle dans les attaques du ransomware WannaCry. La technologie WannaCry serait « basée sur un outil divulgué tirant parti d’une faille de sécurité dans Windows qui semble provenir de la NSA. "Nous sommes pleinement conscients que les génies, en particulier ceux créés par les services secrets, pourraient nuire à leurs propres auteurs et créateurs s'ils étaient libérés de la bouteille", a déclaré Poutine à Pékin. selon le service d'information public russe Tass.» 11
“This next president is going to inherit the most sophisticated and persistent cyber espionage cultures the world has ever seen, He needs to surround himself with experts that can expedite the allocation of potent layers of next-generation defenses around our targeted critical infrastructure silos.” James Scott, Senior Fellow, Institute for Critical Infrastructure Technology 14
Tendances dans la lutte contre les cyber-incursions dans le secteur de la santé
Obviously, the threat of cybersecurity breaches across all sectors of business and industry will not abate. In healthcare, there will be an ongoing and incessant need to improve technology and overall vigilance to avoid disastrous incidents in the future. Certain protective trends are emerging that might be seen as the future of cybercrime deterrence in healthcare.
At the top of the list is an increasing migration to cloud-based information security tools. This move “will allow the tools to be updated more dynamically to address zero-day type malware. This move to the cloud should ultimately make it more economical to make these tools available to all healthcare providers – large and small.” 12
In addition, the healthcare industry will be forced to encourage increased information sharing and collaboration across health networks and between facilities. This mutual cybersecurity effort will be difficult to instigate as health institutions are often quite insular by nature. It is predicted that this sharing of information will reach beyond healthcare to include many sectors of business and institutional endeavors to minimize risks for all involved.
Ultimately, the effort to negate the dangers of cybersecurity breaches, ransomware, and new and emerging threats in this arena will come down to education and awareness on all employee levels in healthcare and beyond. When everyone is well-educated and made to see warning signs of cyber-risks and what they can do to be part of an overarching effort to stem the tide of cyber-incursion, the healthcare industry and all protectors of civilized information sharing around the globe will continue to make meaningful strides towards limiting the damaging effects of cybercrime in all sectors.
AI-Driven Website Security: WP Safe Zone for Healthcare
In the healthcare sector, where sensitive patient data is a prime target for cyberattacks, robust website security is critical. The rise of AI in cybersecurity is providing powerful solutions to combat these threats. One standout example is the WP Safe Zone plugin, tailored for WordPress websites.
WP Safe Zone utilizes artificial intelligence to protect websites from malware, brute force attacks, and unauthorized access. Its AI algorithms constantly monitor and adapt to emerging threats, ensuring real-time protection for healthcare organizations’ online platforms.
As cyber risks in healthcare continue to grow, tools like WP Safe Zone demonstrate how AI can safeguard critical systems, ensuring both data security and compliance with strict regulations.
Nous pouvons vous aider dans vos efforts de cybersécurité
SIS International Research a passé des décennies à interagir avec le secteur de la santé à plusieurs niveaux, depuis les cabinets familiaux indépendants jusqu'aux réseaux de santé monolithiques et à plusieurs niveaux. Notre compréhension unique des défis auxquels sont confrontées les entreprises et les institutions du secteur de la santé est sans précédent. Nous fournissons des recherches et des renseignements sur les parties prenantes[/fusion_text][fusion_text]
Nos solutions incluent :
Aujourd’hui, face à la complexité accrue de la menace imposée par la cybercriminalité croissante visant nos établissements de santé les plus vénérés et les patients qu’ils servent, nous considérons notre rôle avec le plus grand sérieux. En tant qu'entreprise fière de comprendre l'importance et la nature multiforme du secteur de la santé, nous continuerons à servir les pratiques, les installations et les organisations liées à la santé avec les mêmes capacités de recherche complètes et de haute qualité auxquelles nos clients sont parvenus. attendre et exiger. De cette manière, nous espérons contribuer à aider la communauté médicale à comprendre et à combattre la menace très réelle et sérieuse des cyberattaques dans le secteur de la santé.
Les ressources suivantes ont été utilisées dans la compilation de cette recherche :
http://www.raps.org/Regulatory-Focus/News/2017/04/04/27267/Cybersecurity-House-Committee-Looks-to-Build-on-Public-Private-Partnerships/#sthash.x4Xvdf6q.dpuf
https://www.nationalisacs.org/
http://www.raps.org/Regulatory-Focus/News/2017/04/04/27267/Cybersecurity-House-Committee-Looks-to-Build-on-Public-Private-Partnerships/#sthash.x4Xvdf6q.dpuf
https://learningnetwork.cisco.com/blogs/talking-tech-with-cisco/2017/03/21/cybersecurity-and-healthcare-a-forecast-for-2017
https://learningnetwork.cisco.com/blogs/talking-tech-with-cisco/2017/03/21/cybersecurity-and-healthcare-a-forecast-for-2017
https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/
https://www.wired.com/2017/03/medical-devices-next-security-nightmare/
https://techcrunch.com/2017/05/11/trump-signs-long-delayed-executive-order-on-cybersecurity/
http://www.healthcareitnews.com/news/top-10-cybersecurity-must-haves-2017
http://www.dingit.tv/highlight/1441974?utm_source=Embedded&utm_medium=Embedded&utm_campaign=Embedded
www.healthcareitnews.com/blog/3-trends-shaping-future-cybersecurity
https://www.forbes.com/sites/danmunro/2016/12/18/top-ten-healthcare-quotes-for-2016/#5f47fb6b127f
http://www.goodreads.com/quotes/tag/cyber-security
FR 
EN 
AR 
ZH 
ZH_HK 
NL 
DE 
IT 
JA 
KO 
PL 
PT 
ES 
TH 
HI