Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Medical Hacking. Show all posts

Hackers Steal Data of 40,000 Patients From a Kidney Hospital in Thailand


On Wednesday, Thirachai Chantharotsiri, director of Bhumirajanagarindra Kidney Institute Hospital lodged a complaint that the personal information of over 40,000 patients has been stolen by a hacker. The compromised data included personal details and allegedly medical history of the patients. 

While talking to local media at Phaya Thai police station, Dr. Chantharotsiri told that on Monday, the database of the patients at a hospital in the Ratchathewi district of Bangkok became inaccessible to the hospital staff. A subsequent system check was carried out which revealed that the data had been stolen. The breach damaged the data system of the hospital which resulted in an inability to access the X-ray archive. 

According to the commissioner of the CCBI, Pol Lt Gen Kornchai Kalyklueng – owing to the ambiguity regarding the criminals – the investigating agency will seek support from American authorities and other international organizations to track down the hackers. 

Dr. Thirachai told that later, the facility received a call from a foreigner claiming to have hacked the system, the English-speaking man tried to negotiate for payment in exchange for the important information belonging to the hospital. 

The director filed a police complaint along with a recording of the call, reportedly, he did not hear from the anonymous caller again. 

In an attempt to mitigate concerns, the officials at the hospital maintained that the compromised data only include the primary data of the patients, emphasizing that diagnostic or medical records were untouched. 

As per the investigation of CCIB, the group behind the hacking is probably the one that hacked the systems of Krungthai Bank exposing client information and that of a hospital in the Northeast. Although the group identified is seemingly of Indian origins using a server in Singapore, most recent findings indicate that the threat actors were operating from the US.

120 Million Medical Records Leaked! Global Medical Report Sheds More Light.


Along with cyber-security within your phones and other devices, you must make sure the hospital you go to has enough cyber-protection as well!

The obnoxiousness of cyber-criminals is escalating by the hour. As if stealing data of organizations and loosely selling largely famous tech giants’ data online wasn’t enough, hackers have now thrown on the internet personal medical details of more than 120 million Indian patients, per sources.

With the leakage of these personal medical records, they have also been made available online for cyber-cons to exploit.

In a recent “Global Report” on “Medical Data Leak” it was acutely mentioned that in the enormous number of records that got leaked, the affected patients’ X-rays, MRIs and images of CT scans were the major components.

According to sources, the first such report was published by a German cyber-security firm in October 2019. According to the actions taken by several countries’ governments as a response to the publishing of the first report, the succeeding report segregated countries into the categories of “good”, “bad” and “ugly”.

It may or may not come as a shock to many, but India was a “proud winner” of the second position in the “Ugly” category right after the United States of America.


As stated by the succeeding report, the state of Maharashtra is positioned right at the top if we consider the number of “data troves” (308, 451 troves) that are available online providing access to more than 69 million images.

Per sources, the second position is Karnataka with 182, 865 data troves providing access to more than 13 million images!

Researchers found out that the number of data troves that are available online has risen exponentially especially speaking in terms of India.

What exactly induced the leakage isn’t as widely known as all that but the first report clearly insinuated that the leak was in a way prompted by the servers of the “Picture Archiving and Communications Systems (PACS)” as the leaked information is mostly stored there.

The problem possibly was that the servers aren’t as secure as they should be and are connected to the public internet network which makes them easily susceptible.

This leakage is really disconcerting because you can’t simply get hold of who those patients are. They could be ANYONE, ranging from common men to big shots!
Apart from that, these medical records could pose threats like extortion, identity theft, and the list is unending.

One of Australia's Largest IVF Providers Warns Patients of Possible Data Breach


A malicious cyber-attack targeting on the staff email system of one of Australia's biggest IVF providers may have brought a breach in the personal information of the patients. It has been accounted for that the attackers gained access to emails; email addresses and address books belonging to a number of staff members in the attack.

A group of forensic IT experts has just started an investigation to find out how the server was broken and if patients' personal details were gotten to, according to Chief Executive of Monash IVF Group, Michael Knaap.

While the investigation discovered that the private patient databases were immaculate, the national fertility business said in an email to the patients informing them that staff emails containing sensitive patient data, including medicinal histories, may have been hacked.

Monash IVF emphatically stressed the fact that the attackers have focused on just a bunch of the patients and were simply restricted to "an individual's email address"; however a few patients may have been directly affected.

The IVF provider said it had been in contact with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre (ACSC) about the incident as well as industry regulators.

Monash IVF is attached to fertility clinics in New South Wales, Queensland, Victoria, Tasmania, South Australia, and the Northern Territory.

This, in any case, isn't the first cyber-attack exclusively centered around the patients data security there have been quite a few earlier this year also, the most popular one as revealed by "The Age" a cybercrime syndicate had hacked and 'scrambled' the medical records of around 15,000 patients from a specialist cardiology unit at Cabrini Hospital and thusly demanded a ransom.

National Health Service England to set up Artificial Intelligence lab





The National Health Service England is planning to set up a national artificial intelligence laboratory to enhance the medical care and research facility.

According to the Health Secretary, Matt Hancock said AI has 'enormous power' to improve the health care facilities, and save lives.

The health service has announced £250m on setting up a research lab to boost AI within the health sector.

However, AI will pose new challenges in protecting patient data.

Many AI tools have proven to be game-changer devices, which help doctors at spotting lung cancer, skin cancer, and more than 50 eye conditions from scans.

Meanwhile, there are some tools that are yet to be used routinely across the NHS.

"The power of artificial intelligence to improve medicine, to save lives, to improve the way treatments are done, that power is enormous," Mr. Hancock told BBC News.

"In this country, we've got the opportunity to be one of the leading countries in the world at using this new technology."


Cyber attacks on medical institutions have become more frequent in Russia


Kaspersky Lab has discovered a series of targeted attacks on large public health institutions in Russia.

The number of hacker attacks on Russian medical institutions has doubled this year. According to Kaspersky Lab, ten major Russian state medical institutions were attacked in spring 2019. The identity of the hackers is still unknown, but the Kaspersky Lab believes that the attackers speak Russian fluently but are outside the country.

The main purpose of the attackers is to collect financial documents, contracts for expensive treatment, invoices and other important documentation.

Spy software CloudMid has infected computers. Kaspersky lab notes that this is "unique malware" that the company has not met before. CloudMid is sent by e-mail and disguised as a VPN client of one of the Russian companies. After installing CloudMid, the program proceeds to collect documents on the infected computer, for which, in particular, it takes screenshots several times a minute.

It is known that the mailing did not become mass, only some organizations received messages.

The anti-virus expert of Kaspersky Lab Dmitry Kuznetsov says: "Cyber attackers began to be interested in the health sector. In this case, the attacks were not well technically developed, but they were targeted, and the attackers still managed to get what they wanted.”

Another expert at Kaspersky Lab, Alexey Shulmin, added that such attacks would be repeated.

Evgeny Gnedin, the head of the Analytics Department of Positive Technologies, said that hacker attacks on medical institutions are becoming a dangerous trend. The expert believes that the low level of security is primarily due to the insufficient allocation of funds for information security in medical organizations. So the attacks on medical institutions will remain relevant in the second half of 2019.

According to Andrey Arsentiev, the analyst of the group of companies InfoWatch, cybercriminals have formed groups specializing in attacks of medical institutions, which are aimed primarily at an extensive network of clinics with large volumes of structured personal data of patients.

"Protected medical information is one of the most liquid information on the black market, the cost of one record in some cases can be hundreds or even thousands of dollars. In some other cases, hackers may be interested in research conducted in large medical centers, "said the expert.