A Global Research and Analysis Team (GReAT) at Kaspersky Lab, which is an elite group of leading security experts that operates all over the world, carried out a research study at the company’s private lab in an effort to expose medical clinics’ network weaknesses and then fix them. Indeed, they did find multiple breaches, which means that cyber criminals could have easily accessed people’s personal information, even possibly reaching individuals physically.Modern medical clinics are complex organizations.Most rely on computerized systems that have an operating system and many apps installed on them. Physicians rely on computers to store digital information about their patients, and most doctors’ offices share information over the Internet with health funds.It is no surprise that medical devices and IT networks in hospitals often become the targets of attacks by hackers. Recently, there have been a number of ransomware virus attacks against hospitals in the US and Canada. But massive malicious cyber attacks are just one way cyber criminals can take advantage of IT infrastructure in 21st-century hospitals.In addition to storing personal information about all of their patients, medical clinics also use expensive equipment that can be difficult to repair or replace, which makes them extremely vulnerable to blackmail and data theft. Cyber attacks against medical institutions can involve a number of dangerous situations, such as: • Illegal use of patients’ personal information, including the selling of information to third parties or the demanding of ransom payments in return for not using sensitive information; • Forgery of patients’ diagnostic test results; • Tampering with expensive medical equipment that can lead to physical harm being done to patients and to huge financial loss for medical clinics; • Damage to a clinic’s reputation.Exposure to the Internet The first thing Kaspersky Lab experts decided to investigate was how most medical devices around the world are connected to the Internet.Most modern medical devices are based on fully operating computer systems, the vast majority of which are connected to the Internet. The search engine Shodan can help us locate Internet-connected devices, such as scanners, MRIs, cardiac equipment and even radiation detection devices. Unfortunately, many of these devices are still operating using systems such as Windows XP, which poses great databreach risks that have yet to be updated and repaired. Some offices and companies are still using default passwords that can easily be found in operations manuals that are publicly available, making it way too easy for cyber criminals to infiltrate their systems.Inside a clinic’s local area network The above-mentioned method is one way for cyber criminals to access information. But the more common and obvious way for them to attack is through local area networks. The GReAT team found a breach in the clinic’s Wi-Fi connection and was able to access the network through a weakness in the communication access protocol.While browsing through the clinic’s local network, a Kaspersky expert found the clinic’s medical equipment listed on Shodan. In this case, a criminal wouldn’t even need a password to gain access to the devices, since they’re all connected to the local network, which is considered reliable with respect to medical-device applications and users. In other words, this is an extremely easy way for cyber criminals to gain access to medical devices.In another search, a Kaspersky expert found a new breach in another medical-device application.A shell command was inserted in the user interface that enabled cyber criminals to access patients’ personal information, including their medical history, home addresses and other identifying data. Moreover, every single device that was connected to the network was in jeopardy.For example, medical clinics often have an MRI and cardiac equipment connected to their local area network. Once they’ve gained access to these machines, criminals can alter the settings, which could cause grave physical harm to patients the next time the devices are used to treat patients. In addition, criminals can also remotely damage these machines, incurring huge financial loss for clinics and hospitals.Kaspersky experts recommend implementing the following measures in an effort to protect medical clinics from unauthorized access: • Make sure to always use strong passwords to protect all external links; • Always keep all security policies updated; • Protect all medical devices on local networks with passwords; • Protect all infrastructure against malicious code and attacks by hackers by implementing reliable security precautions; • Back up vital data regularly and keep backups on external devices not connected to the Internet.If you run a young startup, have developed an interesting app or have a question, please feel free to contact firstname.lastname@example.org. Translated by Hannah Hochner.