• Cybercrime
  • Will cyber-criminals go for medical devices next?

    Nothing on ICT landscape’s off limits for cyber-criminals. Attacking medical devices could be their next target. In the Rise of the Machines:  The Dyn Attack Was Just a Practice Run, the US Institute for Critical Infrastructure Technology (ICIT), a cyber-security think tank, says the Mirai Internet of Things (IoT) botnet has inspired more Distributed Denial of Service ( DDoS) botnet innovation. Its value’s enhanced by the lack of good practice cyber-security at design stages in the Internet and IoT devices. This harsh reality’s an opportunity for Africa’s eHealth to prepare for rigorous evaluations of IoT projects.

    Krebs on Security, a cyber-security news and investigation service, says  IOT’s botnet source code was responsible for the DDoS attack against it. A conclusion drawn from the incident by Kerbs is

    that the Internet will soon be flooded with threats and attacks from many new botnets powered by insecure routers, Internet protocol (IP) cameras, digital video cameras that can send and receive data with a computer network and the Internet, and used for surveillance, digital video recorders and other networked devices that are easy to hack. 

    ICIT provides a comprehensive and detailed analysis of the new threat. Stakeholders have been driven to recognise and accept the design security weakness and the prevalence of vulnerabilities inherent in IoT devices. Its report includes:

    •  A concise overview of the basic Internet structure, including key players and protocols of the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP), used to govern computer systems’ connections to the Internet
    • DDoS anatomy,  including details on constructing botnets, conventional  botnets compared to IoT botnets and launching a DDoS attacks
    • An overview of the Mirai Incidents, including KrebsonSecurity, OVH cloud and  Internet Service Provider (ISP), Dyn, Liberia, Finland, the US Trump and Clinton presidential campaigns, WikiLeaks and Russian banks
    • Evolution of IoT malware, including profiles Linux.Darlloz, a worm, Aidra, QBot and Qakbot, BASHLITE, Lizkebab, Torlus, gafgyt and Mirai
    • A discussion on the sectors at greatest risk including healthcare
    • Recommendations and remediation to combat these threats.

    The ICIT report is essential reading for Africa’s health systems. It can help to prepare cyber-security plans for their forthcoming IoT initiatives.

  • Cyber-crime’s rampant rise needs Africa’s health systems to respond

    The growing use of technology and connection to the Internet increases susceptibility cyber-crime.  Sub-Saharan Africa’s ranked third highest exposure to cyber-crime globally. South Africa has the highest connectivity relative to other African countries, making it a hotspot for cyber-crime. It’s not too surprising it’s ranked first in Africa

    As South Africa’s eHealth blossoms, cyber-criminals have a growing interest in South Africa . Its health systems are not immune to cyber-attacks. Phishing’s the most common form of attack. It’s when cyber-criminals send an apparently legitimate email to entice recipients to respond by providing sensitive information like passwords to accounts and systems, usernames, personal data and other details that can be used mainly for fraud, but also enable ransomware downloads to extort money. It’s an unsophisticated cyber-attack, often successful and frequently used. Avoiding it needs constant vigilance, awareness and trained users.


    An article in the Cover says breaches in healthcare  outweigh all other industries and services. Its data collection, storage and sharing  of confidential patient information makes healthcare perfect targets for cyber-crimminals. If its leaked, it can potentially result in liability claims and grave reputational damage. As healthcare professionals become more reliant on eHealth and its, EHRs and technology, it opens cyber-security windows wider.


    In South Africa, cyber-crime has an economic impact on the nation. It costs an estimated R5.8 billion a year. It’s mainly attributed to risks of system failures and additional costs of restoring systems once hacked. The consequences includes loss of productivity and revenue. Adressing it needs strict legislation, regulation and policies to  help minimise risks and threats. But they’re not enough.


    Healthcare workers need to be more aware of risks and risky behaviours. This needs training and education on avoiding breaches and phishing attacks. They also need to be vigilent with their equipment and materials and adopt best practices.


    Even this is not enough. In a world increasingly driven by technology, having appropriate, effective and far reaching digital cover is imperative. It’s impossible to eliminate cyber-crime’s risks, so rigorous technological solutions are needed to minimise it.  Health systems and organisations have to implement and sustain the most effective holistic cyber-cover that build in modern techniques such as layering defences. Many cyber-attacks breach perimeter defences but don’t reach organisations’data. These are warning signs that need addressing and stopping. A sigh of relief isn’t cyber-security.

  • Cyber-criminals target hospitals in 2017

    As cyber-criminals step up their malevolent activities, health systems aspire to match them. Estimates from the Herjavec Group show that healthcare’s global spending on cyber-security is set to exceed US$65 billion by 2021. But, the real problem isn’t how much healthcare organisations spend, it’s how much they aren’t spending, says an article in HealthcareITNews.

    Herjavec Group’s report says cyber-attacks will become more damaging before they can be challenged. Matt Anthony, Herjavec Group’s vice president of incident response says healthcare organisations’ cyber-security’s set for a rocky year. “In 2017 healthcare providers are the bull’s-eye for hackers.”

    Bitcoin is helping cyber-criminals in their endeavours. It encourages them to pursue ransomware attacks. “Bitcoin is the engine for cybercriminality, and as long as there is an anonymous way for criminals to get paid, it’s not going to get better anytime soon,” says Anthony. “It’s a winning combination for organized crime

    Connected devices, Internet of Things (IoT), the cloud, EHRs and eHealth systems in general are not always built with cyber-security as their priority. This makes healthcare attractive to hackers.

    Hospitals also have little choice but to pay up after ransomware attacks to retrieve their patients personal data. They’re not usually prepared, underfunded, bogged down by legacy systems and really need the data cyber-criminals have encrypted. This makes them soft targets.

    “Hospitals will pay, they’ll pay fast and they’ll pay what it takes to get data back,” Anthony said. “We ask people not to pay but sometimes there’s no alternative in healthcare.”

    Access management tools and practices are slowly starting to improve, with healthcare organisations increasing the priority of cyber-security. There’s still plenty to do. Africa’s health systems implementing eHealth can learn from these experiences and ensure their systems and staff accord a priority to cyber- security measures from the onset.

  • Malicious insiders can be a major threat

    It’s important not to disregard the human side of cyber-crime and the threat it poses to healthcare, its EHRs and medical devices. The consequences can be devastating. External cyber-attackers aren’t the only threat. Real criminals can be inside healthcare. This is what happens when people trusted with personal and confidential information abuse trust and misuse their power. They’re known as malicious insiders.

    Employees, former employees, contractors or business partners can all have access to organisations’ networks, systems or data. Disgruntled, they may retaliate by stealing and releasing information that can damage organisations and patients. A global research study by Mimecast reported that an alarming 90% of organisations said malicious insiders pose a major threat.

    Findings from Pretenus Breach Barometer in an  article by Healthcare IT News reveal that the number of healthcare security breaches caused by insiders has doubled from January to February. Findings from 26 incidences reported that:

    1. Malicious insiders contributed to 58% of total breaches
    2. Their attacks are difficult to detect.

    More worrisome findings are:

    1. Only 23% of respondents are confident that their organisations have invested enough in monitoring systems
    2. The top three alleged instigators of malicious insiders threats are; 80% of employees meddling in their relatives or friends, 66% financial identity theft and 51% identity theft
    3. 57% of respondents believe that cyber-attacks are always an inside job
    4.  Attacks are usually for financial gain.  

    This evidence is a major public health concern. If disgruntled healthcare workers have access to personal and confidential patient data, it’s vital that measures are in place to deny them access. To protect patients and healthcare organisations from insider breaches the healthcare sector should invest in strengthening and protecting organisations’ networks, systems and databases especially those storing personal and confidential information.

    Acfee has information for health ICT professionals  on cyber security practices.

  • Cyber-attack exposes data of nearly 18,000 patients

    Cyber-attacks can have far reaching affects. These are multiplied when the target’s a healthcare organisation’s storing personal patient data. The  Metropolitan Urology Group in the US began notifying patients that a ransomware attack in November 2016 may have exposed their personal data. Nearly 18,000 patients were affected, according to the Department of Health and Human Services’ Office for Civil Rights, says an article in HealthcareITNews.

    The attack was on November 28, 2016. The organisation only discovered it on January 10. It took two months before it started sending notifications to patients on March 10.

    Two of the organisation’s servers were infected by a virus. It may have exposed data of patients attending between 2003 and 2010. The data contained names, patient account numbers, provider identification, medical procedure codes and dates of services. Roughly five of these patients had their Social Security numbers exposed too.

    Metropolitan Urology has been working with an ICT firm to remove the ransomware. Its learned from the experience too, and applying extra cyber-security measures to deter future attacks. All traffic from the affected servers is blocked, the firewall’s improved, email security’ stepped up and protection of all employee devices is in place. These are part of an overall upgrade to its policies and procedures. The organisation’s currently conducting a risk analysis of its ICT system to determine vulnerabilities.

    As compensation, all affected patients will receive one year of free credit monitoring. Metropolitan Urology has also set-up a call centre to answer questions about the breach.

    Any type of cyber-attack could have serious consequences for patients and the hospital. To protect patient data and ensure patients sustain their trust in eHealth services is crucial. It’s critical that organisations are aware of cyber-security threats and rectify and learn from them promptly. Regular staff training and awareness are crucial cyber-security components. Regular, routine and rigorous checks to ensure systems are intact and not breached are too. These are examples of how Africa’s health systems should approach their eHealth cyber-security endeavours.

  • How to combat SQL and XSS cyber-attacks

    Just because it’s an old hat doesn’t mean cyber-criminals give it up. Structured Query Language (SQL) the long-standing international standard for database manipulation, can still be part of a cyber-attack. SQL injection and Cross-Site Scripting (XSS) attacks enables cyber-attackers to inject client-side script, JavaScript, or Hypertext Markup Language HTML into web pages so other users can see them.

    JavaScript’s an object-oriented programming language for creating interactive effects in web browsers. HTML’s a standardised system for tagging text files to achieve font, colour, graphic, and hyperlink effects on web pages.

    SQL injections are common for Hypertext Preprocessor (PHP) applications, usually on Linux servers and with MySQL, and Active Server Page (ASP), Microsoft’s web server technology for creating dynamic, interactive sessions with users. Code Project has a post describes a small, sample code to deal with the vulnerabilities and combat these attacks. It’s available to download.

    There’s more help, advice and a demonstration on a webcast from Alien Vault. It’s released it partly because it says SQL injection and Cross-Site Scripting (XSS) attacks affect millions of users and they need Security Information and Event Management (SIEM) solutions to find these vulnerabilities. SIEM collects and correlates data to identify patterns and raise alerts on cyber- attacks.

    Watch this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.

    1. How these attacks work and what you can do to protect your network
    2. What data you need to collect to identify the warning signs of an attack
    3. How to identify impacted assets so you can quickly limit the damage
    4. How Unified Security Management (USM) can simplify detection with built-in correlation rules and threat intelligence.

    Both sources offer Africa’s eHealth projects a start. It also needs to be part of comprehensive cyber-security strategies.


  • Barkly sets out three ransomware predictions

    As a criminal business, ransomware’s big. It’s set to be bigger. Jack Danahy, a Barkly co-founder, writing in Barkly’s blog says cyber-attackers will use three new methods in 2017.

    1. An extra threat of doxxing, public disclosure of private records, either a file at a time or as a catastrophic dump to increase the chances of victims paying the ransom
    2. Ransomware infections will spread more quickly and easily
    3. Fileless ransomware will increase rapidly.

    A Barkly survey reports only 5% of US organisations say they paid ransoms. Better back-ups and easier data recovery have reduced ransom attack’s effectiveness. Cyber-criminals are shifting their attacks to businesses instead of consumers to demand more. It means they’re increasing the potential damage and disruption of not paying. Other countries are seen as softer targets too. It’s a warning for Africa’s eHealth and healthcare.

    Ransomware attacks will also increasingly bypasses scanners and signature-based anti-virus security. It raises the chances of infection for less sophisticated organisations. These’ll add to the more common technique of phishing emails with malicious attachments. Fileless attacks aren’t easy to identify using conventional endpoint security tools.

    The lessons for Africa’s eHealth are stark. Two main themes are:

    1. Stepping up basic cyber-security measures rapidly, and not just to deal with ransomware
    2. Adopt more sophisticated cyber-security to deal with emerging new threats, especially ransomware threats.

    Health systems will need investment in new cyber-security skills and solutions. They’ll need new eHealth strategies too.

  • NSA says cyber-attacks in healthcare will be a lot worse

    The nature of cyber-crime’s changing. Health systems are no longer safe. Cyber-criminals have moved on from stealing personal data to using more disruptive tactics. An article in Healthcare IT News says healthcare’s seen the largest jump in ransomware attacks, so more than other organisation.

    Joel Brenner, a Massachusetts Institute of Technology (MIT) research fellow who focuses on cyber-security, privacy and intelligence policy explained “We’re facing industrial espionage on an industrial scale.  If espionage is not the oldest business in the world, it’s the second oldest.”

    While he admits healthcare may not top the list in terms of incidents or breaches, it’s ahead on four unwanted scores:

    1. Highest percentage of incidents
    2. Highest number of incidents by stolen assets
    3. Loses more information
    4. Very high ratio of incidents to breaches.

    These combine into an uncomfortably high success rate for the number of cyber-attacks succeeding more often than not.

    Tangible actions organisations can take to reduce vulnerabilities include privilege misuse and BYOD, which Brenner caustically calls ‘Bring Your Own Disaster.’ Also recognize that not everyone needs access to everything. “It’s about training your people repeatedly,” Brenner said. “You don’t need a big plan, no one opens that manual in times of crisis. You need a simple checklist.”

    Unbroken cyber-security’s essential too. Unfortunately, most organisations can’t afford it and don’t trust a vendor enough to tackle the problem. Information silos offer an equally pressing challenge. Brenner says high-level executives are part of the problem and the solution. “Unless someone high level in these siloes comes in with a baseball bat,” Brenner said, “it’s not going to be solved.” 

    Africa’s health systems can learn from the US’s experience. Putting in place an easy check lists for cyber-security measures and continuously training staff may be two simple steps, but they go a long way in keeping eHealth secure. They’re essential components of cyber-strategies, so why wait until the strategies and plans are in place. Checklists and training can be set up now.

  • A ransomware guide sets out the steps to recovery

    Many healthcare organisations are inexperienced and under-resourced in coping with ransomware attacks. A guide from KnowBe4, Ransomware Hostage Rescue Manual, sets out technical descriptions of the actions to responding to and recovering from an attack. It also details preventative measures needed. Africa’s health systems, eHealth governance teams and technical eHealth teams should use it as a core reference before their organisations are attacked.

    It’s themes include:

    1. A description of ransomware and Bitcoins, the ransomware currency and The Onion Router (TOR), a network and browser that enhances and anonymises Internet traffic
    2. How to identify an infection from symptoms and  Infection Vectors of emails, drive-by downloads free software downloads to avoid
    3. How to respond to an infection
    • Disconnect
    • Determine the scope
    • Identify the ransomware strain
    • Evaluate response option of restore, decrypt or do nothing
    1. Negotiate or  pay the ransom
    • First, restore from backup or shadow volume
    • Second, try decryption
    • Third, do nothing and lose the files
    • Fourth, negotiate or pay the ransom
    • Fifth, review the ransomware attack response checklist
    1. Learn and protect from future attacks with improved:
    • Defence in depth
    • Security awareness training
    • Simulated attacks
    • Antivirus, antispam and firewalls
    • Backups
    1. Implement better cyber-security resources, including a ransomware attack response checklist and a ransomware prevention checklist.

    Applying the guide needs someone with ICT skills. It’s appropriate for someone in each of Africa’s health systems’ ICT teams to take responsibility. They should be accountable to an executive, who in turn should report on progress, risks and actions to eHealth governance teams. Where these are already in place, the Ransomware Hostage Rescue Manual offers an opportunity for a comprehensive review of the effectiveness of the arrangements.

  • India’s planning eHealth laws to tackle data breaches

    As cybercrime expands and eHealth becomes more affected and infected, India’s planning legislation for comprehensive civil and criminal remedies for eHealth data breaches. It’ll also set up an enforcement agency. Provisions are being drafted to deal with any breach of patients’ data.

    A report in the Times of India says the legislation will include a comprehensive legal framework to protect individual’s eHealth data, ownership of eHealth data, and health data standardisation for data collection, storage and exchange. African countries could benefit by monitoring India’s initiative as a comparator for their own eHealth legislation and regulation.

    Much of Africa’s eHealth in its infancy, so most African countries don’t have specific eHealth regulations. In 2012, a study for the European Space Agency (ESA), led by Greenfield Management Solutions (GMS), identified a 45% gap in Africa’s eHealth regulation compared to developed countries. Not much has changed since then. eHNA reported previously on Africa’s eHealth regulatory perspectives. Much more remains to be done, but it must not stifle innovation.