Hackers Target Medical IoT Devices To Obtain Prescription Drugs

Hackers Target Medical IoT Devices To Obtain Prescription Drugs
Bitcoinist_Medical IoT Devices

Hospital IT security is not up to par, as a recent reported indicated. It looks like the threat is far more real than anticipated, as a new wave of IoT device attacks is taking place as we speak. Medical services, ranging from CT scanners to dialysis pumps, are targeted by hackers. Albeit these assailants will not shut down the machines, they are trying to retrieve confidential patient information.

 

Very few people seem to realize medical devices store a lot of sensitive patient data. MRI Machines and CT scanners keep a record of all patients going through these devices. The vast majority of these machines is connected to the Internet, making them a lucrative target for hackers all over the world.

Medical IoT Devices Are A High-value Target

Medical IoT Devices TrapX

As one would come to expect from lackluster hospital IT security, these machines are inadequately protected. To be more precise, assailants use older versions of malware to attack medical IoT equipment. Conficker, a very old type of worm, has been identified as one of the tools of attack. Far too many medical devices connected to the Internet run on older Windows versions.

Security firm TrapX Labs explained the situation as follows:

“The malware utilized for this attack was specifically selected to exploit older versions of Windows… It enabled the attacker to install a backdoor within the enterprise, from which they could launch their campaign and quietly exfiltrate data and perhaps cause significant damage using a ransomware attack.”

 

Conficker has been a cause of concern for security experts in the past. Similar to how ransomware is evolving, this worm used to undergo several changes during its reign. The developers even used it to hijack infected devices and use them for DDoS and spam attacks. Medical machinery is a lot more powerful compared to CCTV cameras, and can be wielded to cause a lot more harm.

The Number of Attacks Increases

The medical industry has been under attack from hackers for quite some time now. Several hospitals had to deal with ransomware attacks these past few months. Patient records have always been a high-value target for hackers. One individual is even selling three different databases on the deep web. Every database has several tens of thousands of patient records in it.

Using these medical profiles goes well beyond using them for extortion schemes. A hacker would be able to get prescriptions filled. After all, these prescriptions are covered by insurance, and the pills have a high resale value on the deep web. All of these goods are sold in exchange for Bitcoin. There is no better time than now for hospitals to step up their IT security. Unfortunately, most of them do not have the staff or money to do so.

What are your thoughts on hackers going after medical IoT devices/ Let us know in the comments below!

Source: Threatpost

Images courtesy of Shutterstock, TrapX

 

[Bitcoinist]

July 2, 2016 / by / in , , , , , , , , ,

Leave a Reply

Show Buttons
Hide Buttons

IMPORTANT MESSAGE: Scooblrinc.com is a website owned and operated by Scooblr, Inc. By accessing this website and any pages thereof, you agree to be bound by the Terms of Use and Privacy Policy, as amended from time to time. Scooblr, Inc. does not verify or assure that information provided by any company offering services is accurate or complete or that the valuation is appropriate. Neither Scooblr nor any of its directors, officers, employees, representatives, affiliates or agents shall have any liability whatsoever arising, for any error or incompleteness of fact or opinion in, or lack of care in the preparation or publication, of the materials posted on this website. Scooblr does not give advice, provide analysis or recommendations regarding any offering, service posted on the website. The information on this website does not constitute an offer of, or the solicitation of an offer to buy or subscribe for, any services to any person in any jurisdiction to whom or in which such offer or solicitation is unlawful.