Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Patient critical – healthcare’s cybersecurity pulse

August 2019 News & Events, Information Security, Healthcare (Industry)

By Craig Rosewarne.

The healthcare industry has become one of the leading cybersecurity attack vectors worldwide.

Case 1 – The patient and his family appeared horrified. What had begun as a seemingly routine medical examination had turned into a nightmare. The man appeared healthy but had complained of persistent headaches. The CT scan showed what was diagnosed to be a massive tumour on the brain. Declining surgery, he still managed to get a substantial disability pay-out from his insurers who were unaware of his brilliance at writing computer programs.


Craig Rosewarne

Pending his nomination he undertook a thorough medical check-up and was declared fit as a fiddle. A month later he collapsed at a fundraising function and died of a major arterial embolism in the brain. The underworld rejoiced.

Do the above case scenarios sound strange? Not if one considers that researchers in Israel recently announced that they’d created a computer virus capable of adding or removing images of tumours into CT and MRI scans, malware designed to fool doctors into misdiagnosing low- to high-profile patients. This short video is scary yet fascinating: www.youtube.com/watch?v=_mkRAArj-x0&feature=youtu.be

The healthcare industry has become one of the leading attack vectors worldwide for several reasons. Firstly, it maintains huge amounts of highly sensitive patient data, a juicy target for hackers who can use it for financial gain, humiliation or revenge. Access to a medical database would allow a miscreant to alter medical records, delete them or hold them hostage using ransomware.

Secondly, medical institutions are far more likely to accede to ransomware demands when patients’ lives are at stake. The healthcare industry increasingly relies on IoT (Internet of Things) technology that’s connected to the Internet, which ranges from patient records and lab results to radiology equipment. Even catering and down to maintenance of the hospitals are impacted. The 2017 WannaCry ‘epidemic’ caused chaos in the healthcare industry, the UK in particular being hard hit. Many institutions were found to still be running their systems on outdated, end-of-life, unpatched Windows XP devices.

Healthcare lags far behind other industries, experts say, unlike the financial sector, in the way it protects its information technology infrastructure. A healthcare failure can end with injury or even death, unlike finance which may involve a slap on the wrist or a fine.

Not a matter of when or if…

Medical institutions are being bombarded with malicious attacks every day. Many do not even know that they are already infected as many viruses can lay dormant or continue to seek new backdoors until activated. Advanced Persistent Threats (ATPs) are sometimes only discovered 18 months after breaching the system. Another major problem is that most medical personnel do not know what system devices are running on. Many service providers have gone out of business and patches, when provided, are often not implemented. Many small medical facilities do not have the budget for a full-time IT team and those in rural areas are at greater risk, especially if they are connected to the main urban centres. The country cousins can infect their city slickers – remember, everything is connected.

What other dangers do the health industries and medical devices face? Pacemakers have been proven to be easily hackable. The device can be instructed to speed up, slow down, behave in an erratic fashion or even shut down. ECGs, scanners and X-rays may give false readings or simply be unavailable. Hospitals’ and clinics’ emergency power generators can be disabled, preventing any tests, operations, etc. during a mains outage, which are a common occurrence here in sunny South Africa.

Why is the health industry lagging behind other enterprises? Low budgets play a major part, but the lack of awareness regarding the enormity of the threats from governments, decision makers down to grass-level employees is extremely worrying. The perceived attitude that no-one would be so callous as to attack a medical establishment and endanger human lives or cause fatalities is pervasive. Many hackers don’t care. The monetary rewards far outweigh any feelings of guilt or remorse.

There is a pulse, but it is very weak.


Credit(s)

Tel: +27 11 794 7322
Email: info@wolfpackrisk.com
www: www.wolfpackrisk.com
Articles: More information and articles about Wolfpack Information Risk



Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

From the editor's desk: It’s all about data
Technews Publishing News & Events
      Welcome to the SMART Access and Identity Handbook 2026. We have slightly changed the handbook this year, specifically the selection guides, but there is still a lot of industry information inside, and ...

Read more...
Zero Trust access control
Technews Publishing SMART Security Solutions CASA Software NEC XON Editor's Choice Access Control & Identity Management Information Security
Zero Trust Architecture enforces the rule of ‘never trust, always verify’. It changes an organisation’s security posture by assuming that threats exist both inside and outside the perimeter, and it applies to information and physical security.

Read more...
Reshaping South Africa’s built environment
Securex South Africa Facilities & Building Management News & Events Commercial (Industry)
FM teams are responsible for the overall operational environment of a building, while security teams focus on protection, control, and incident response. Increasingly, both rely on the same data streams, infrastructure, and digital tools.

Read more...
Integrated security key to protecting cloud applications
Infrastructure Information Security
Cloud-native applications have transformed the way businesses operate, enabling faster innovation, greater agility, and enhanced scalability. Yet this evolution brings an equally complex security landscape.

Read more...
Factories, grids, and finance: Critical infrastructure cyber lessons of 2025
Asset Management Information Security Industrial (Industry)
Africa has seen an accelerated, large-scale digitisation of our overall industrial base, and this rapid convergence of IT and OT is happening on a foundation that, in essence, was not designed to be cybersecure.

Read more...
Banking’s AI reckoning
Financial (Industry) News & Events AI & Data Analytics
From agentic commerce disputes to quantum-powered risk modelling, SAS experts offer a ‘banker’s dozen,’ 13 industry-defining predictions that will separate institutions that master intelligent banking from those still struggling with the basics.

Read more...
Axis signs CISA Secure by Design pledge
Axis Communications SA News & Events Surveillance Information Security
Axis Communications has signed the United States Cybersecurity & Infrastructure Security Agency’s (CISA) Secure by Design pledge, signalling the company’s commitment to upholding and transparently communicating the cybersecurity posture of its products.

Read more...
Five key technology trends for the security sector in 2026
Axis Communications SA News & Events Surveillance
Axis Communications examines trends it considers important for 2026, as technology and customer requirements continue to evolve, but the basic security needs of end users remain constant.

Read more...
Securing a South African healthcare network
Surveillance Healthcare (Industry) AI & Data Analytics
VIVOTEK partnered with local integrator Chase Networks and distributor Rectron to deliver a fully integrated security ecosystem, providing PathCare with a centralised view of all facilities, simplifying monitoring of sensitive laboratory areas, and ensuring SOP compliance.

Read more...
DeepAlert appoints Howard Harrison as CEO
DeepAlert News & Events AI & Data Analytics
DeepAlert has appointed Howard Harrison as chief executive officer. DeepAlert’s founder and CEO of the past six years, Dr Jasper Horrell, will transition into a newly created role as chief innovation officer.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.