ヘルスケアにおけるサイバーセキュリティ市場調査

まったく別のウイルス

医療分野におけるサイバー侵入の波を食い止めるための進行中の戦いの簡単な概要。

In addition to subversive hacking in the business world, where private information can be compromised and sensitive company data absconded with, cybersecurity measures are now employed to negate the effects of hacking by foreign entities, used a political weapon. It is an increasingly serious global problem, and one that has necessitated the implementation of advanced cybersecurity methodologies to counteract the increasingly sophisticated capabilities of hackers to subvert these very systems.

“In recent years, cybersecurity has been a growing concern in healthcare, with high-profile cyber-attacks and vulnerabilities causing disruptions for insurers, hospitals, and medical device makers. The stakes for patients are high too as patient data could be lost or tampered with, hospital services interrupted, or patients harmed through attacks targeting specific devices … “ 1

サイバー犯罪と戦うための政府の介入

The rapid digitization of the healthcare industry makes this sector particularly vulnerable to cyber attack, and this fact has not been lost on the US Congress.  The House Energy and Commerce Committee recently convened to address cybersecurity in the health sector. Information Sharing and Analysis Centers (ISACS) may be key in providing enhanced security for healthcare providers and in thwarting efforts of would-be cyber attackers.

Through the interactive efforts of the 24 organizations that comprise the National Council of ISACs (NCI), great efforts are being made to “maximize information flow across the private sector critical infrastructures and with government. Critical infrastructure sectors and subsectors that do not have ISACs are invited to contact the NCI to learn how they can participate in NCI activities.”2

It is, of course, a Herculean undertaking to strengthen the partnership between public and private entities in healthcare with regard to cybersecurity, considering the myriad industries and agencies of government that are responsible for regulating and delivering said healthcare. Congress has been encouraged to provide tax breaks and other incentives to prompt companies to get involved with the ongoing effort of ISACs.

参加率の低さがサイバーセキュリティの実施を阻害

Unfortunately, poor participation rates among healthcare facilities have been a persistent problem in the ongoing efforts to implement effective cybersecurity measures across the sector. According to Terry Rice, vice president of IT risk management and chief information security officer at Merck, “companies may be hesitant to share information within an ISAC if they fear the information will not remain confidential to its members.”3

“I think the most shocking statistic was really the fact that 40% of the individuals at the top of an organization–executives like CEOs and CIOs, and even board members–didn’t feel personally responsible for cybersecurity or protecting the customer data.”   Dave Damato, Chief Security Officer at Tanium, on CNBC’s Squawk Boxヘルスケア業界のサイバーセキュリティについて語る 13

医療におけるサイバー犯罪の高コスト

Aside from the obvious threat of compromised patient information and other incidents of data theft, failures of cybersecurity are incredibly expensive, to the tune of $6.2 billion annually, according to a 2016 research project conducted by the Poneman Institute. Insights revealed in their studies revealed that “nearly 90 percent of the healthcare organizations … had endured a data breach during the previous two years. Forty-five percent had more than five data breaches in that period, with the average cost of a cyber attack totaling $2.2 million. The data contained in electronic health records (EHRs) is often cited as the reason healthcare is such an attractive target in the eyes of a hacker.”4

As secure as people like to believe their health information is in the possession of their doctor’s office or hospital, it is often not the case. The ongoing digitization of health records has been an expensive proposition for the healthcare industry. Securing all that information is another monumental expense, and sometimes this part of the cybersecurity equation has been neglected in the interest of cost-savings, or just by the large-scale nature of the overall endeavor.

医療におけるサイバー窃盗の利益性

Of course, health records are a hot commodity on the black market, and they can fetch top dollar from parties seeking to obtain personal information, billing addresses, and credit card numbers. Hacking can be a very lucrative enterprise, indeed. Consider this example. “Hackers made off with more than 2.2 million patient records from Fort Myers, Florida-based 21st Century Oncology in March of 2016. A month later, someone stole a laptop with 205,748 unsecured patient records on it from Premier Healthcare, LLC.” 5

ランサムウェアの出現

ランサムウェアは、最近世界中で発生した WannaCry 攻撃によってよく知られるようになったほとんどの人にとっては新しい用語です。この攻撃では、重要なインフラ システムが機能不全に陥り、こうした攻撃に特有の不安やデータ損失の可能性に屈した人々から多額の身代金が要求されています。特に医療業界は、ランサムウェアの侵入に対して脆弱です。

「病院は、重要な医療を提供し、患者の記録から得られる最新情報に依存しているため、この種の恐喝の格好の標的です。薬物履歴、手術指示書、その他の情報にすぐにアクセスできないと、患者の治療が遅れたり中断されたりする可能性があります。そのため、病院は、死亡や訴訟につながる可能性のある遅延のリスクを冒すよりも、身代金を支払う可能性が高くなります。」 6

Ransomware malware, in effect, locks up a computer and makes data inaccessible unless a ransom is paid to the perpetrator. Usually, this payment is made in the form of Bitcoin. In most instances, a time limit is established for the ransom to be paid, otherwise the computers data will be destroyed. Though most stricken parties don’t pay the ransom, enough do to make it a particularly lucrative criminal enterprise.

The healthcare industry has been vulnerable to ransomware attacks because, surprisingly, many hospitals have taken inadequate steps to prevent cybersecurity breeches. Instead, most hospitals have focused their primary concern on meeting HIPAA compliance and meeting federal guidelines to ensure the security of patient information. Ultimately, most employees in healthcare are simply not trained well enough to recognize and thwart cyber attacks before they occur. Even when adequate training and cybersecurity measures are in place, it is a continuous challenge to outwit perpetrators who constantly remain one step ahead of the game.

IoTデバイスも危険にさらされている

To add a layer of seriousness to the present situation, cyber attacks can affect not only computers, but devices that are connected to them, as well. Medical tools, heart and glucose monitors are but a few examples of devices vulnerable to cyber attack. Vice-President Dick Cheney famously demanded that his pacemaker be made safe from cyber attack, lest those with ill-intent not manipulate the function of his device remotely. Quite frankly, interference with such devices can be deadly for the patients who depend on them to live.

医療ハッキングの例として、「現在使用されているエクスプロイトの 1 つである MedJack では、攻撃者は医療機器にマルウェアを注入し、ネットワーク全体に拡散します。このような攻撃で発見された医療データは、脱税や個人情報の盗難に使用される可能性があり、有効な薬の処方を追跡するためにも使用されるため、ハッカーはオンラインで薬を注文し、ダーク ウェブで販売することができます。」 7

「No patients have, as far as I know, been killed due to a hacked pacemaker, but patients have been killed due to malfunction[s] of their medical devices, configuration errors, and software bugs. This means that security research in the form of pre-emptive hacking, followed by coordinated vulnerability disclosure and vendor fixes, can help save human lives.SINTEFのセキュリティ研究者マリー・モー氏は、「さあ、ハッカー。私の心を壊して（ワイアード）13

FCC は現在、医療機器の IoT サプライヤーに対し、製造する製品にセキュリティ対策を組み込むことを提案しています。ここで提案されているキーワードはセキュリティです。実際にこれらのメーカーにセキュリティ対策と要件を義務付けるのは、時間のかかる作業です。さらに、デバイスとデータベース間のデータを中継するネットワークにも、サイバー セキュリティの実装と監視が極めて重要です。

新しい大統領、新しい秩序

There was much speculation as to how the Trump administration would address issues of cybersecurity. On May 11, 2017, the president signed an executive order that mandated a review of the nation’s overall abilities to combat criminal cyber-activity. The order places the brunt of responsibility concerning cybersecurity on federal agencies which were to do risk assessments and turn in their respective reports within 90 days. Additional reports examining critical infrastructure risks were due six months after the president’s order was issued.

「この命令は、自動的に生成されたスパムトラフィックでウェブサイトを標的とするボットネットの脅威の見直しを求めている。 Mirai ボットネット 昨年、大規模なインターネット障害を引き起こした。しかし、アクセス・ナウは、この命令は、脆弱性開示の政府プロセスとデータ侵害への対応についても対処すべきだと述べている。」

There is no overall preventative measure or measure that can eliminate the risk of cyber attacks. Rather, hospitals, clinics, and private practices can only hope to work together and manage the continuous risks in the interest of protecting the private information and the general safety of their patients. Concurrently, continuous technological advancements will hopefully address the vulnerability of medical devices and computer networks.

医療分野やその他の分野におけるサイバー犯罪の潜在的に破滅的な影響を抑制するためのこの取り組みは、米国をはるかに超えて広がっています。現在、世界中でサイバー攻撃の波を食い止める、または少なくとも、医療システムに侵入し、可能な限りあらゆる場所で大混乱を引き起こし、恐喝するというサイバー犯罪者の終わりのない取り組みの影響を最小限に抑えるための世界的な取り組みが進行中です。

サイバー攻撃の政治的動機

With the hostile political climate that exists between North Korea and virtually every other country in the civilized world, it is not surprising that the rogue nation has been cited as a probably offender in the recent WannaCry ransomware attacks, and other ill-willed endeavors undertaken for political reasons and for the purposes of financial extortion.

「サイバーセキュリティ研究者らは、北朝鮮と世界的な「ランサムウェア」サイバー攻撃「WannaCry」を結び付ける可能性がある技術的な手がかりを発見した」 150か国で30万台以上のマシンが感染. Symantec and Kaspersky Lab said …  some code in an earlier version of WannaCryソフトウェア また、多くの企業の研究者が北朝鮮が運営するハッキング活動であると特定したラザルス・グループが使用するプログラムにも登場していた。」 10

専門家全員が、WannaCry ランサムウェア攻撃の動機が金銭的なものであると信じているわけではない。英国のサイバーコンサルタント会社 Hacker House の Matthew Hickey 氏のように、犯人は単に「できるだけ多くの被害を与える」ことを望んでいたと考える人もいる。これは、インド、台湾、ウクライナ、ロシアなど、攻撃の影響を最も受けた国々で確かに当てはまった。

ロシアの指導者ウラジミール・プーチン氏のように、WannaCryランサムウェア攻撃におけるNSAの役割を非難する者もいる。WannaCry技術は「NSAが発端と思われるWindowsのセキュリティ上の欠陥を利用した流出したツールに基づいている」と考えられている。「特にシークレットサービスによって作られた精霊が瓶から出れば、その作者や作成者自身に危害を加える可能性があることを我々は十分に認識している」とプーチン氏は北京で述べた。 ロシア国営通信社タス通信によると。」 11

“This next president is going to inherit the most sophisticated and persistent cyber espionage cultures the world has ever seen, He needs to surround himself with experts that can expedite the allocation of potent layers of next-generation defenses around our targeted critical infrastructure silos.”  James Scott, Senior Fellow, Institute for Critical Infrastructure Technology 14

医療分野におけるサイバー侵入対策の動向

Obviously, the threat of cybersecurity breaches across all sectors of business and industry will not abate. In healthcare, there will be an ongoing and incessant need to improve technology and overall vigilance to avoid disastrous incidents in the future. Certain protective trends are emerging that might be seen as the future of cybercrime deterrence in healthcare.

At the top of the list is an increasing migration to cloud-based information security tools. This move “will allow the tools to be updated more dynamically to address zero-day type malware.  This move to the cloud should ultimately make it more economical to make these tools available to all healthcare providers – large and small.” 12

In addition, the healthcare industry will be forced to encourage increased information sharing and collaboration across health networks and between facilities. This mutual cybersecurity effort will be difficult to instigate as health institutions are often quite insular by nature. It is predicted that this sharing of information will reach beyond healthcare to include many sectors of business and institutional endeavors to minimize risks for all involved.

Ultimately, the effort to negate the dangers of cybersecurity breaches, ransomware, and new and emerging threats in this arena will come down to education and awareness on all employee levels in healthcare and beyond. When everyone is well-educated and made to see warning signs of cyber-risks and what they can do to be part of an overarching effort to stem the tide of cyber-incursion, the healthcare industry and all protectors of civilized information sharing around the globe will continue to make meaningful strides towards limiting the damaging effects of cybercrime in all sectors.

AI-Driven Website Security: WP Safe Zone for Healthcare

In the healthcare sector, where sensitive patient data is a prime target for cyberattacks, robust website security is critical. The rise of AI in cybersecurity is providing powerful solutions to combat these threats. One standout example is the WP Safe Zone plugin, tailored for WordPress websites.

WP Safe Zone utilizes artificial intelligence to protect websites from malware, brute force attacks, and unauthorized access. Its AI algorithms constantly monitor and adapt to emerging threats, ensuring real-time protection for healthcare organizations’ online platforms.

As cyber risks in healthcare continue to grow, tools like WP Safe Zone demonstrate how AI can safeguard critical systems, ensuring both data security and compliance with strict regulations.

サイバーセキュリティ対策をお手伝いします

SIS International Research は、独立系家庭診療所から多層構造のモノリシック医療ネットワークまで、さまざまなレベルで医療業界と数十年にわたって交流してきました。医療分野の企業や機関が直面する課題に対する当社の独自の理解は比類のないものです。当社は、ステークホルダーに関する調査と情報を提供します[/fusion_text][fusion_text]

当社のソリューションには以下が含まれます。

今日、最も尊敬される医療機関とその患者を狙ったサイバー犯罪の増加によってもたらされる脅威がさらに複雑化していることから、当社は自らの役割を極めて真剣に考えています。医療業界の重要性と多面性を理解していることを誇りとする企業として、当社は今後も、クライアントが期待し、要求する高品質で包括的な調査機能で、医療関連の診療所、施設、組織にサービスを提供し続けます。このようにして、医療業界におけるサイバー攻撃の非常に現実的で深刻な脅威を医療コミュニティが理解し、それに対抗できるよう支援する役割を担っていきたいと考えています。

この研究をまとめるにあたっては、以下のリソースが使用されました。

• http://www.raps.org/Regulatory-Focus/News/2017/04/04/27267/Cybersecurity-House-Committee-Looks-to-Build-on-Public-Private-Partnerships/#sthash.x4Xvdf6q.dpuf

• https://www.nationalisacs.org/

• http://www.raps.org/Regulatory-Focus/News/2017/04/04/27267/Cybersecurity-House-Committee-Looks-to-Build-on-Public-Private-Partnerships/#sthash.x4Xvdf6q.dpuf

• https://learningnetwork.cisco.com/blogs/talking-tech-with-cisco/2017/03/21/cybersecurity-and-healthcare-a-forecast-for-2017

• https://learningnetwork.cisco.com/blogs/talking-tech-with-cisco/2017/03/21/cybersecurity-and-healthcare-a-forecast-for-2017

• https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/

• https://www.wired.com/2017/03/medical-devices-next-security-nightmare/

• https://techcrunch.com/2017/05/11/trump-signs-long-delayed-executive-order-on-cybersecurity/

• http://www.healthcareitnews.com/news/top-10-cybersecurity-must-haves-2017

• http://www.dingit.tv/highlight/1441974?utm_source=Embedded&utm_medium=Embedded&utm_campaign=Embedded

• www.healthcareitnews.com/blog/3-trends-shaping-future-cybersecurity

• https://www.forbes.com/sites/danmunro/2016/12/18/top-ten-healthcare-quotes-for-2016/#5f47fb6b127f

• http://www.goodreads.com/quotes/tag/cyber-security