Home / Software & Service News / Was the US health industry under a concerted attack, and we missed it in the noise?

Was the US health industry under a concerted attack, and we missed it in the noise?

healthcare security

News first hit media outlets on Monday, June 27, 2016 that a U.S. healthcare database had been breached and half a million patient records had been stolen and posted for sale on the Dark Web. Later reports suggested even more records had been stolen when the hacker advertised another 9.3 million files of patient information – bringing the total to a staggering 10 million personal health records of American citizens for sale from multiple organizations in the health industry.

A team at our company, Cymmetria, was one of the groups that uncovered the extent of this incident. The media’s information was incomplete at first, and when we saw the alleged hacker continuing to post on the Dark Web, we saw that there were actually three different sales posted. Among the organizations supposedly affected were healthcare providers from New York, Missouri, and Oklahoma, in addition to a large nationwide health insurer.

The hacker has kept the names of the affected organizations anonymous, auctioning off their private data to the highest bidder.

The hacker, who refers to himself as “thedarkoverlord,” claimed that the attack succeeded due to use of a 0-day vulnerability in the healthcare organizations’ remote desktop services, bypassing the controls put in place to prevent malicious users from gaining remote access to systems. But is this claim an attempt to draw our attention away from how the hacker actually got in?

Such a vulnerability would only enable access, and for the attacker to successfully steal this much data, gaining access to the network would not be enough. The accepted tradecraft for moving about the network and gaining access to more systems, as is very likely to have been the case here, is lateral movement, or “pivoting.” The attacker uses information on a system to figure out where to go next using the credentials of a real user, so as not to cause an anomaly that can be detected by defensive measures.

After bypassing preventative security measures such as sandboxing, hackers reach endpoints and bypass endpoint security solutions. They can then proceed to pivot and perform lateral movement within the network as described above, allowing them to obtain much more information. This is obviously problematic and requires new types of controls to be used, such as cyber deception.

Such an attack has many implications.

On a personal level, 10 million Americans now face the fact that their personally identifiable information along with their private health records are out in the world and can potentially be used for anything from impersonation to blackmail. Although it’s fair to note that, with so many data breaches occurring, criminals have quite a lot of data to work with already.

On a national level, while the healthcare industry has certainly been targeted before, it means that an industry-wide attack has likely been conducted against the United States of America, and it has gone under the radar as “yet another data breach.” It seems that with so many cyber attacks happening daily, and the damage being digital, it’s often easy to miss the obvious.

We need to take stock of three facts: Intelligence is complex in the cyber realm and needs to be conducted carefully. One can never be sure with online claims, even on this magnitude. If this breach indeed proves true, over 10 million Americans’ health records are now effectively public record. The United States is under attack and needs to acknowledge it.

It is easy to miss a strategic attack when it is surrounded daily by millions of other similar incidents. People talk about the possibility that we will see a cyber 9/11, or a digital Pearl Harbor. This incident may not look as dramatic, but it warrants our full attention.

Laura Ferguson is a Senior Analyst at Cymmetria.

Shayell Aaron is a Senior Analyst at Cymmetria.

Get more stories like this on TwitterFacebook

Click Here For Original Source Of The Article

About Ms. A. C. Kennedy

Ms. A. C. Kennedy
My name is Ms A C Kennedy and I am a Health practitioner and Consultant by day and a serial blogger by night. I luv family, life and learning new things. I especially luv learning how to improve my business. I also luv helping and sharing my information with others. Don't forget to ask me anything!

Check Also

Existing EV batteries could be recharged five times faster

Lithium-ion batteries have massively improved in the last half-decade, but there are still issues. The biggest, especially for EVs, is that charging takes too long to make them as useful as regular cars for highway driving. Researchers from the University of Warwick (WMG) have discovered that we may not need to be so patient, though. They developed a new type of sensor that measures internal battery temperatures and discovered that we can probably recharge them up to five times quicker without overheating problems.

Overcharging a lithium-ion battery anode can lead to lithium buildup, which can break through a battery's separator, create a short-circuit and cause catastrophic failure. That can cause the electrolyte to emit gases and literally blow up the battery, so manufacturers impose strict charging power limits to prevent it.

Those limits are based on hard-to-measure internal temperatures, however, which is where the WMG probe comes in. It's a fiber optic sensor, protected by a chemical layer that can be directly inserted into a lithium-ion cell to give highly precise thermal measurements without affecting its performance.

The team tested the sensor on standard 18650 li-ion cells, used in Tesla's Model S and X, among other EVs. They discovered that they can be charged five times faster than previously thought without damage. Such speeds would reduce battery life, but if used judiciously, the impact would be minimized, said lead researcher Dr. Tazdin Amietszajew.

Faster charging as always comes at the expense of overall battery life but many consumers would welcome the ability to charge a vehicle battery quickly when short journey times are required and then to switch to standard charge periods at other times.

There's still some work to do. While the research showed the li-ion cells can support higher temperatures, EVs and charging systems would have to have "precisely tuned profiles/limits" to prevent problems. It's also not clear how battery makers would install the sensors in the cells.

Nevertheless, it shows a lot of promise for much faster charging speeds in the near future. Even if battery capacities stayed the same, charging in 5 minutes instead of 25 could flip a lot of drivers over to the green side.

Via: Clean Technica

Source: University of Warwick