의료 분야의 사이버 보안 시장 조사

전혀 다른 바이러스

의료 부문에서 사이버 침입의 조류를 막기 위해 진행 중인 전투에 대한 간략한 개요입니다.

In addition to subversive hacking in the business world, where private information can be compromised and sensitive company data absconded with, cybersecurity measures are now employed to negate the effects of hacking by foreign entities, used a political weapon. It is an increasingly serious global problem, and one that has necessitated the implementation of advanced cybersecurity methodologies to counteract the increasingly sophisticated capabilities of hackers to subvert these very systems.

“In recent years, cybersecurity has been a growing concern in healthcare, with high-profile cyber-attacks and vulnerabilities causing disruptions for insurers, hospitals, and medical device makers. The stakes for patients are high too as patient data could be lost or tampered with, hospital services interrupted, or patients harmed through attacks targeting specific devices … “ 1

사이버 범죄 퇴치를 위한 정부 개입

The rapid digitization of the healthcare industry makes this sector particularly vulnerable to cyber attack, and this fact has not been lost on the US Congress.  The House Energy and Commerce Committee recently convened to address cybersecurity in the health sector. Information Sharing and Analysis Centers (ISACS) may be key in providing enhanced security for healthcare providers and in thwarting efforts of would-be cyber attackers.

Through the interactive efforts of the 24 organizations that comprise the National Council of ISACs (NCI), great efforts are being made to “maximize information flow across the private sector critical infrastructures and with government. Critical infrastructure sectors and subsectors that do not have ISACs are invited to contact the NCI to learn how they can participate in NCI activities.”2

It is, of course, a Herculean undertaking to strengthen the partnership between public and private entities in healthcare with regard to cybersecurity, considering the myriad industries and agencies of government that are responsible for regulating and delivering said healthcare. Congress has been encouraged to provide tax breaks and other incentives to prompt companies to get involved with the ongoing effort of ISACs.

참여 부족으로 인해 사이버 보안 구현이 방해받음

Unfortunately, poor participation rates among healthcare facilities have been a persistent problem in the ongoing efforts to implement effective cybersecurity measures across the sector. According to Terry Rice, vice president of IT risk management and chief information security officer at Merck, “companies may be hesitant to share information within an ISAC if they fear the information will not remain confidential to its members.”3

“I think the most shocking statistic was really the fact that 40% of the individuals at the top of an organization–executives like CEOs and CIOs, and even board members–didn’t feel personally responsible for cybersecurity or protecting the customer data.”   Dave Damato, Chief Security Officer at Tanium, on CNBC’s Squawk Box, 의료 산업의 사이버 보안에 대해 이야기하다 13

의료 분야 사이버 범죄로 인한 높은 비용

Aside from the obvious threat of compromised patient information and other incidents of data theft, failures of cybersecurity are incredibly expensive, to the tune of $6.2 billion annually, according to a 2016 research project conducted by the Poneman Institute. Insights revealed in their studies revealed that “nearly 90 percent of the healthcare organizations … had endured a data breach during the previous two years. Forty-five percent had more than five data breaches in that period, with the average cost of a cyber attack totaling $2.2 million. The data contained in electronic health records (EHRs) is often cited as the reason healthcare is such an attractive target in the eyes of a hacker.”4

As secure as people like to believe their health information is in the possession of their doctor’s office or hospital, it is often not the case. The ongoing digitization of health records has been an expensive proposition for the healthcare industry. Securing all that information is another monumental expense, and sometimes this part of the cybersecurity equation has been neglected in the interest of cost-savings, or just by the large-scale nature of the overall endeavor.

의료 분야에서 사이버 절도의 수익성 있는 성격

Of course, health records are a hot commodity on the black market, and they can fetch top dollar from parties seeking to obtain personal information, billing addresses, and credit card numbers. Hacking can be a very lucrative enterprise, indeed. Consider this example. “Hackers made off with more than 2.2 million patient records from Fort Myers, Florida-based 21st Century Oncology in March of 2016. A month later, someone stole a laptop with 205,748 unsecured patient records on it from Premier Healthcare, LLC.” 5

랜섬웨어의 출현

랜섬웨어는 대부분의 사람들을 위한 새로운 용어로, 최근 전 세계적으로 발생한 WannaCry 공격에 익숙해져 중요한 인프라 시스템을 마비시키고 그러한 공격의 특징인 불안과 데이터 손실 가능성에 희생된 사람들로부터 막대한 금전적 몸값을 이끌어냅니다. 특히 의료 산업은 랜섬웨어 침입에 취약합니다.

“병원은 중요한 진료를 제공하고 환자 기록의 최신 정보에 의존하기 때문에 이런 종류의 강탈에 완벽한 표적입니다. 약물 이력, 수술 지침 및 기타 정보에 신속하게 액세스하지 못하면 환자 치료가 지연되거나 중단될 수 있으며, 이로 인해 병원은 사망 및 소송으로 이어질 수 있는 지연 위험보다는 몸값을 지불할 가능성이 더 높아집니다.” 6

Ransomware malware, in effect, locks up a computer and makes data inaccessible unless a ransom is paid to the perpetrator. Usually, this payment is made in the form of Bitcoin. In most instances, a time limit is established for the ransom to be paid, otherwise the computers data will be destroyed. Though most stricken parties don’t pay the ransom, enough do to make it a particularly lucrative criminal enterprise.

The healthcare industry has been vulnerable to ransomware attacks because, surprisingly, many hospitals have taken inadequate steps to prevent cybersecurity breeches. Instead, most hospitals have focused their primary concern on meeting HIPAA compliance and meeting federal guidelines to ensure the security of patient information. Ultimately, most employees in healthcare are simply not trained well enough to recognize and thwart cyber attacks before they occur. Even when adequate training and cybersecurity measures are in place, it is a continuous challenge to outwit perpetrators who constantly remain one step ahead of the game.

IoT 장치도 위험에 처해 있습니다

To add a layer of seriousness to the present situation, cyber attacks can affect not only computers, but devices that are connected to them, as well. Medical tools, heart and glucose monitors are but a few examples of devices vulnerable to cyber attack. Vice-President Dick Cheney famously demanded that his pacemaker be made safe from cyber attack, lest those with ill-intent not manipulate the function of his device remotely. Quite frankly, interference with such devices can be deadly for the patients who depend on them to live.

의료 해킹의 예를 들면 다음과 같습니다. “현재 사용되는 공격 중 하나인 MedJack은 공격자가 의료 기기에 악성 코드를 주입한 다음 네트워크를 통해 확산됩니다. 이러한 유형의 공격에서 발견된 의료 데이터는 세금 사기나 신원 도용에 사용될 수 있으며 활성 약물 처방을 추적하는 데에도 사용될 수 있어 해커가 온라인으로 약물을 주문한 다음 다크 웹에서 판매할 수 있습니다.” 7

“No patients have, as far as I know, been killed due to a hacked pacemaker, but patients have been killed due to malfunction[s] of their medical devices, configuration errors, and software bugs. This means that security research in the form of pre-emptive hacking, followed by coordinated vulnerability disclosure and vendor fixes, can help save human lives." Marie Moe, SINTEF의 보안 연구원, "어서, 해커들아. 내 마음을 아프게 해라”(유선)13

FCC는 이제 의료 기기의 IoT 공급업체가 제조하는 제품에 보안 조치를 내장할 것을 제안했습니다. 제안된 핵심 단어입니다. 실제로 해당 제조업체에 대한 필수 보안 관행 및 요구 사항을 도입하는 것은 시간이 많이 걸리는 노력입니다. 또한 장치와 데이터베이스 간의 데이터를 중계하도록 할당된 네트워크에도 사이버 보안 구현 및 모니터링이 매우 필요합니다.

새로운 대통령, 새로운 질서

There was much speculation as to how the Trump administration would address issues of cybersecurity. On May 11, 2017, the president signed an executive order that mandated a review of the nation’s overall abilities to combat criminal cyber-activity. The order places the brunt of responsibility concerning cybersecurity on federal agencies which were to do risk assessments and turn in their respective reports within 90 days. Additional reports examining critical infrastructure risks were due six months after the president’s order was issued.

“이 명령은 자동으로 생성된 스팸 트래픽이 있는 웹사이트를 표적으로 삼는 봇넷의 위협을 검토할 것을 요구합니다. 그만큼 미라이 봇넷 작년에 심각한 인터넷 중단을 담당했습니다. 그러나 Access Now는 이번 명령이 정부의 취약성 공개 프로세스와 데이터 침해에 대한 대응도 다루어야 한다고 말했습니다.”

There is no overall preventative measure or measure that can eliminate the risk of cyber attacks. Rather, hospitals, clinics, and private practices can only hope to work together and manage the continuous risks in the interest of protecting the private information and the general safety of their patients. Concurrently, continuous technological advancements will hopefully address the vulnerability of medical devices and computer networks.

의료 부문 및 그 이상 분야에서 사이버 범죄가 가져올 수 있는 잠재적인 재앙적 영향을 억제하려는 이러한 노력은 미국을 훨씬 넘어 확장되고 있습니다. 전 세계적으로 사이버 공격의 흐름을 막거나 적어도 사이버 범죄자를 대신하여 의료 시스템에 침투하여 혼란을 일으키고 가능한 한 강탈하려는 끝없는 노력의 영향을 최소화하기 위한 세계적인 노력이 현재 진행 중입니다. , 어떤 사악한 목적에도 불구하고.

사이버 공격에 대한 정치적 동기

With the hostile political climate that exists between North Korea and virtually every other country in the civilized world, it is not surprising that the rogue nation has been cited as a probably offender in the recent WannaCry ransomware attacks, and other ill-willed endeavors undertaken for political reasons and for the purposes of financial extortion.

“사이버 보안 연구원들이 북한을 세계적인 워너크라이(WannaCry) 랜섬웨어” 사이버 공격과 연관시킬 수 있는 기술적 단서를 발견했습니다. 150개국에서 300,000대 이상의 컴퓨터를 감염시켰습니다.. Symantec and Kaspersky Lab said …  some code in an earlier version of 워너크라이 소프트웨어 많은 기업의 연구자들이 북한이 운영하는 해킹 조직으로 확인한 라자루스 그룹(Lazarus Group)이 사용하는 프로그램에도 등장했습니다.” 10

모든 전문가가 WannaCry 랜섬웨어 공격이 금전적인 이유로 동기가 부여되었다고 믿는 것은 아닙니다. 영국의 사이버 컨설턴트인 Hacker House의 Matthew Hickey와 같은 일부 사람들은 가해자들이 단지 “가능한 한 많은 피해를 입히기를” 바랐다고 믿습니다. 이는 인도, 대만, 우크라이나, 러시아 등 공격으로 가장 큰 피해를 입은 국가의 경우였습니다.

러시아 지도자 블라디미르 푸틴(Vladimir Putin)과 같은 일부 사람들은 워너크라이(WannaCry) 랜섬웨어 공격에서 NSA가 역할을 했다고 주장하면서 NSA를 비난했습니다. WannaCry 기술은 “NSA에서 발생한 것으로 보이는 Windows의 보안 결함을 이용하여 유출된 도구를 기반으로 한 것으로 생각됩니다. 푸틴 대통령은 베이징에서 "우리는 지니, 특히 비밀 기관에 의해 만들어진 지니가 병에서 나오면 자신의 작가와 창작자에게 해를 끼칠 수 있다는 것을 충분히 알고 있다"고 말했다. 러시아 국영 통신사 타스(Tass)에 따르면.” 11

“This next president is going to inherit the most sophisticated and persistent cyber espionage cultures the world has ever seen, He needs to surround himself with experts that can expedite the allocation of potent layers of next-generation defenses around our targeted critical infrastructure silos.”  James Scott, Senior Fellow, Institute for Critical Infrastructure Technology 14

의료 부문의 사이버 침입 퇴치 동향

Obviously, the threat of cybersecurity breaches across all sectors of business and industry will not abate. In healthcare, there will be an ongoing and incessant need to improve technology and overall vigilance to avoid disastrous incidents in the future. Certain protective trends are emerging that might be seen as the future of cybercrime deterrence in healthcare.

At the top of the list is an increasing migration to cloud-based information security tools. This move “will allow the tools to be updated more dynamically to address zero-day type malware.  This move to the cloud should ultimately make it more economical to make these tools available to all healthcare providers – large and small.” 12

In addition, the healthcare industry will be forced to encourage increased information sharing and collaboration across health networks and between facilities. This mutual cybersecurity effort will be difficult to instigate as health institutions are often quite insular by nature. It is predicted that this sharing of information will reach beyond healthcare to include many sectors of business and institutional endeavors to minimize risks for all involved.

Ultimately, the effort to negate the dangers of cybersecurity breaches, ransomware, and new and emerging threats in this arena will come down to education and awareness on all employee levels in healthcare and beyond. When everyone is well-educated and made to see warning signs of cyber-risks and what they can do to be part of an overarching effort to stem the tide of cyber-incursion, the healthcare industry and all protectors of civilized information sharing around the globe will continue to make meaningful strides towards limiting the damaging effects of cybercrime in all sectors.

AI-Driven Website Security: WP Safe Zone for Healthcare

In the healthcare sector, where sensitive patient data is a prime target for cyberattacks, robust website security is critical. The rise of AI in cybersecurity is providing powerful solutions to combat these threats. One standout example is the WP Safe Zone plugin, tailored for WordPress websites.

WP Safe Zone utilizes artificial intelligence to protect websites from malware, brute force attacks, and unauthorized access. Its AI algorithms constantly monitor and adapt to emerging threats, ensuring real-time protection for healthcare organizations’ online platforms.

As cyber risks in healthcare continue to grow, tools like WP Safe Zone demonstrate how AI can safeguard critical systems, ensuring both data security and compliance with strict regulations.

귀하의 사이버 보안 노력을 도와드릴 수 있습니다

SIS International Research는 독립적인 가족 진료부터 다계층 및 모놀리식 의료 네트워크에 이르기까지 다양한 수준에서 의료 산업과 수십 년 동안 상호 작용해 왔습니다. 의료 부문의 기업과 기관이 직면한 과제에 대한 우리의 독보적인 이해는 타의 추종을 불허합니다. 이해관계자에 대한 조사와 정보를 제공합니다[/fusion_text][fusion_text]

우리의 솔루션은 다음과 같습니다:

오늘날 우리가 가장 존경하는 의료 기관과 그들이 서비스를 제공하는 환자를 겨냥한 사이버 범죄가 증가함에 따라 발생하는 위협이 더욱 복잡해짐에 따라 우리는 우리의 역할을 가장 심각하게 고려하고 있습니다. 의료 산업의 중요성과 다면적인 성격을 이해하는 데 자부심을 느끼는 회사로서, 우리는 고객이 찾아온 것과 동일한 고품질의 포괄적인 연구 역량을 바탕으로 건강 관련 관행, 시설 및 조직에 계속 서비스를 제공할 것입니다. 기대하고 요구하세요. 이러한 방식으로 우리는 의료계가 의료 부문에서 발생하는 매우 현실적이고 심각한 사이버 공격 위협을 이해하고 이에 맞서 싸울 수 있도록 돕는 역할을 다할 수 있기를 바랍니다.

이 연구를 편집하는 데 다음 리소스가 사용되었습니다.

• http://www.raps.org/Regulatory-Focus/News/2017/04/04/27267/Cybersecurity-House-Committee-Looks-to-Build-on-Public-Private-Partnerships/#sthash.x4Xvdf6q.dpuf

• https://www.nationalisacs.org/

• http://www.raps.org/Regulatory-Focus/News/2017/04/04/27267/Cybersecurity-House-Committee-Looks-to-Build-on-Public-Private-Partnerships/#sthash.x4Xvdf6q.dpuf

• https://learningnetwork.cisco.com/blogs/talking-tech-with-cisco/2017/03/21/cybersecurity-and-healthcare-a-forecast-for-2017

• https://learningnetwork.cisco.com/blogs/talking-tech-with-cisco/2017/03/21/cybersecurity-and-healthcare-a-forecast-for-2017

• https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/

• https://www.wired.com/2017/03/medical-devices-next-security-nightmare/

• https://techcrunch.com/2017/05/11/trump-signs-long-delayed-executive-order-on-cybersecurity/

• http://www.healthcareitnews.com/news/top-10-cybersecurity-must-haves-2017

• http://www.dingit.tv/highlight/1441974?utm_source=Embedded&utm_medium=Embedded&utm_campaign=Embedded

• www.healthcareitnews.com/blog/3-trends-shaping-future-cybersecurity

• https://www.forbes.com/sites/danmunro/2016/12/18/top-ten-healthcare-quotes-for-2016/#5f47fb6b127f

• http://www.goodreads.com/quotes/tag/cyber-security