• Cybercrime
  • Cyber-crime’s rampant rise needs Africa’s health systems to respond

    The growing use of technology and connection to the Internet increases susceptibility to cyber-crime. Sub-Saharan Africa’s ranked as having the third highest exposure to cyber-crime globally. South Africa has the highest connectivity relative to other African countries, making it a hotspot for cyber-crime. It’s not too surprising it’s ranked first in Africa.

    As South Africa’s eHealth blossoms, cyber-criminals have a growing interest in South Africa. Its health systems are not immune to cyber-attacks. Phishing’s the most common form of attack. It’s when cyber-criminals send an apparently legitimate email to entice recipients to respond by providing sensitive information like passwords to accounts and systems, usernames, personal data and other details that can be used mainly for fraud, but can also enable ransomware downloads to extort money. It’s an unsophisticated cyber-attack, often successful and frequently used. Avoiding it needs constant vigilance, awareness and trained users.


    An article in the Cover says breaches in healthcare outweigh all other industries and services. Its collection, storage and sharing of confidential patient information make healthcare a perfect target for cyber-criminals. If it’s leaked, it can potentially result in liability claims and grave reputational damage. As healthcare professionals become more reliant on eHealth and its EHRs and technology, it opens cyber-security windows wider.


    In South Africa, cyber-crime has an economic impact on the nation. It costs an estimated R5.8 billion a year. It’s mainly attributed to risks of system failures and additional costs of restoring systems once hacked. The consequences include loss of productivity and revenue. Addressing it needs strict legislation, regulation and policies to help minimise risks and threats. But they’re not enough.


    Healthcare workers need to be more aware of risks and risky behaviours. This needs training and education on avoiding breaches and phishing attacks. They also need to be vigilant with their equipment and materials and adopt best practices.


    Even this is not enough. In a world increasingly driven by technology, having appropriate, effective and far-reaching digital cover is imperative. It’s impossible to eliminate cyber-crime’s risks, so rigorous technological solutions are needed to minimise them. Health systems and organisations have to implement and sustain the most effective holistic cyber-cover that builds in modern techniques such as layering defences. Many cyber-attacks breach perimeter defences but don’t reach organisations’ data. These are warning signs that need addressing and stopping. A sigh of relief isn’t cyber-security.

  • Cyber-criminals target hospitals in 2017

    As cyber-criminals step up their malevolent activities, health systems aspire to match them. Estimates from the Herjavec Group show that healthcare’s global spending on cyber-security is set to exceed US$65 billion by 2021. But, the real problem isn’t how much healthcare organisations spend, it’s how much they aren’t spending, says an article in HealthcareITNews.

    Herjavec Group’s report says cyber-attacks will become more damaging before they can be challenged. Matt Anthony, Herjavec Group’s vice president of incident response, says healthcare organisations’ cyber-security’s set for a rocky year. “In 2017 healthcare providers are the bull’s-eye for hackers.”

    Bitcoin is helping cyber-criminals in their endeavours. It encourages them to pursue ransomware attacks. “Bitcoin is the engine for cybercriminality, and as long as there is an anonymous way for criminals to get paid, it’s not going to get better anytime soon,” says Anthony. “It’s a winning combination for organized crime.”

    Connected devices, Internet of Things (IoT), the cloud, EHRs and eHealth systems in general are not always built with cyber-security as their priority. This makes healthcare attractive to hackers.

    Hospitals also have little choice but to pay up after ransomware attacks to retrieve their patients’ personal data. They’re usually unprepared, underfunded and bogged down by legacy systems, and they really need the data cyber-criminals have encrypted. This makes them soft targets.

    “Hospitals will pay, they’ll pay fast and they’ll pay what it takes to get data back,” Anthony said. “We ask people not to pay but sometimes there’s no alternative in healthcare.”

    Access management tools and practices are slowly starting to improve, with healthcare organisations increasing the priority of cyber-security. There’s still plenty to do. Africa’s health systems implementing eHealth can learn from these experiences and ensure their systems and staff accord a priority to cyber-security measures from the outset.

  • Malicious insiders can be a major threat

    It’s important not to disregard the human side of cyber-crime and the threat it poses to healthcare, its EHRs and medical devices. The consequences can be devastating. External cyber-attackers aren’t the only threat. Real criminals can be inside healthcare. This is what happens when people trusted with personal and confidential information abuse trust and misuse their power. They’re known as malicious insiders.

    Employees, former employees, contractors or business partners can all have access to organisations’ networks, systems or data. Disgruntled, they may retaliate by stealing and releasing information that can damage organisations and patients. A global research study by Mimecast reported that an alarming 90% of organisations said malicious insiders pose a major threat.

    Findings from the Protenus Breach Barometer in an article by Healthcare IT News reveal that the number of healthcare security breaches caused by insiders doubled from January to February. Findings from 26 incidents were that:

    • Malicious insiders contributed to 58% of total breaches
    • Their attacks are difficult to detect.

    More worrisome findings are:

    • Only 23% of respondents are confident that their organisations have invested enough in monitoring systems
    • The top three alleged instigators of malicious insider threats are: 80% of employees meddling in their relatives or friends, 66% financial identity theft and 51% identity theft
    • 57% of respondents believe that cyber-attacks are always an inside job
    • Attacks are usually for financial gain.

    This evidence is a major public health concern. If disgruntled healthcare workers have access to personal and confidential patient data, it’s vital that measures are in place to deny them access. To protect patients and healthcare organisations from insider breaches the healthcare sector should invest in strengthening and protecting organisations’ networks, systems and databases especially those storing personal and confidential information.

    Acfee has information for health ICT professionals on cyber security practices.

  • Cyber-attack exposes data of nearly 18,000 patients

    Cyber-attacks can have far-reaching effects. These are multiplied when the target’s a healthcare organisation storing personal patient data. The Metropolitan Urology Group in the US began notifying patients that a ransomware attack in November 2016 may have exposed their personal data. Nearly 18,000 patients were affected, according to the Department of Health and Human Services’ Office for Civil Rights, says an article in HealthcareITNews.

    The attack was on November 28, 2016. The organisation only discovered it on January 10. It took two months before it started sending notifications to patients on March 10.

    Two of the organisation’s servers were infected by a virus. It may have exposed data of patients attending between 2003 and 2010. The data contained names, patient account numbers, provider identification, medical procedure codes and dates of services. Roughly five of these patients had their Social Security numbers exposed too.

    Metropolitan Urology has been working with an ICT firm to remove the ransomware. It’s learned from the experience too, and is applying extra cyber-security measures to deter future attacks. All traffic from the affected servers is blocked, the firewall’s improved, email security’s stepped up and protection of all employee devices is in place. These are part of an overall upgrade to its policies and procedures. The organisation’s currently conducting a risk analysis of its ICT system to determine vulnerabilities.

    As compensation, all affected patients will receive one year of free credit monitoring. Metropolitan Urology has also set up a call centre to answer questions about the breach.

    Any type of cyber-attack could have serious consequences for patients and the hospital. Protecting patient data and ensuring patients sustain their trust in eHealth services is crucial. It’s critical that organisations are aware of cyber-security threats and rectify and learn from them promptly. Regular staff training and awareness are crucial cyber-security components. Regular, routine and rigorous checks to ensure systems are intact and not breached are too. These are examples of how Africa’s health systems should approach their eHealth cyber-security endeavours.

  • How to combat SQL and XSS cyber-attacks

    Just because it’s old hat doesn’t mean cyber-criminals give it up. Structured Query Language (SQL), the long-standing international standard for database manipulation, can still be part of a cyber-attack. SQL injection lets cyber-attackers insert their own SQL into the queries an application sends to its database. Cross-Site Scripting (XSS) attacks enable cyber-attackers to inject client-side script, JavaScript, or Hypertext Markup Language (HTML) into web pages so other users can see them.

    JavaScript’s an object-oriented programming language for creating interactive effects in web browsers. HTML’s a standardised system for tagging text files to achieve font, colour, graphic, and hyperlink effects on web pages.

    SQL injections are common for Hypertext Preprocessor (PHP) applications, usually on Linux servers and with MySQL, and Active Server Page (ASP), Microsoft’s web server technology for creating dynamic, interactive sessions with users. Code Project has a post that describes a small code sample to deal with the vulnerabilities and combat these attacks. It’s available to download.

    There’s more help, advice and a demonstration on a webcast from AlienVault. It’s released it partly because it says SQL injection and Cross-Site Scripting (XSS) attacks affect millions of users and they need Security Information and Event Management (SIEM) solutions to find these vulnerabilities. SIEM collects and correlates data to identify patterns and raise alerts on cyber-attacks.

    Watch this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.

    • How these attacks work and what you can do to protect your network
    • What data you need to collect to identify the warning signs of an attack
    • How to identify impacted assets so you can quickly limit the damage
    • How Unified Security Management (USM) can simplify detection with built-in correlation rules and threat intelligence.

    Both sources offer Africa’s eHealth projects a start. They also need to be part of comprehensive cyber-security strategies.
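
    The two defences this post points towards, shown as an added example that is not the Code Project or AlienVault code: a parameterised query keeps user input out of the SQL text, and HTML-escaping stops stored script from running in another user’s browser. It uses Python’s standard sqlite3 and html modules; the table, records and function names are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """In-memory table of constructed patient records (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, surname TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO patients (surname, note) VALUES (?, ?)",
        [
            ("Dlamini", "Follow-up in 6 weeks"),
            ("Mwangi", "Allergy: penicillin"),
            # Constructed note containing script, standing in for stored XSS.
            ("Okafor", "<script>alert(1)</script>"),
        ],
    )
    return db


def find_unsafe(db, surname):
    """Weak form: the input becomes part of the SQL statement itself."""
    sql = "SELECT surname, note FROM patients WHERE surname = '" + surname + "'"
    return db.execute(sql).fetchall()


def find_safe(db, surname):
    """Hardened form: the driver binds the input as data, never as SQL."""
    sql = "SELECT surname, note FROM patients WHERE surname = ?"
    return db.execute(sql, (surname,)).fetchall()


def render_unsafe(surname, note):
    """Weak form: stored text is written into the page as markup."""
    return "<tr><td>" + surname + "</td><td>" + note + "</td></tr>"


def render_safe(surname, note):
    """Hardened form: <, >, & and quotes are encoded before output."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(surname), html.escape(note)
    )


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("unsafe lookup rows:", len(find_unsafe(db, crafted)))
    print("safe lookup rows:  ", len(find_safe(db, crafted)))
    for surname, note in find_safe(db, "Okafor"):
        print("unsafe render:", render_unsafe(surname, note))
        print("safe render:  ", render_safe(surname, note))
```

    The same crafted input returns every record through the concatenated query and none through the bound one, which is the difference a code review or SIEM rule should be looking for.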


  • Barkly sets out three ransomware predictions

    As a criminal business, ransomware’s big. It’s set to be bigger. Jack Danahy, a Barkly co-founder, writing in Barkly’s blog, says cyber-attackers will use three new methods in 2017.

    • An extra threat of doxxing, public disclosure of private records, either a file at a time or as a catastrophic dump to increase the chances of victims paying the ransom
    • Ransomware infections will spread more quickly and easily
    • Fileless ransomware will increase rapidly.

    A Barkly survey reports only 5% of US organisations say they paid ransoms. Better back-ups and easier data recovery have reduced ransom attacks’ effectiveness. Cyber-criminals are shifting their attacks to businesses instead of consumers to demand more. It means they’re increasing the potential damage and disruption of not paying. Other countries are seen as softer targets too. It’s a warning for Africa’s eHealth and healthcare.

    Ransomware attacks will also increasingly bypass scanners and signature-based anti-virus security. It raises the chances of infection for less sophisticated organisations. These’ll add to the more common technique of phishing emails with malicious attachments. Fileless attacks aren’t easy to identify using conventional endpoint security tools.

    The lessons for Africa’s eHealth are stark. Two main themes are:

    • Stepping up basic cyber-security measures rapidly, and not just to deal with ransomware
    • Adopting more sophisticated cyber-security to deal with emerging new threats, especially ransomware threats.

    Health systems will need investment in new cyber-security skills and solutions. They’ll need new eHealth strategies too.

  • NSA says cyber-attacks in healthcare will be a lot worse

    The nature of cyber-crime’s changing. Health systems are no longer safe. Cyber-criminals have moved on from stealing personal data to using more disruptive tactics. An article in Healthcare IT News says healthcare’s seen the largest jump in ransomware attacks, so more than other organisations.

    Joel Brenner, a Massachusetts Institute of Technology (MIT) research fellow who focuses on cyber-security, privacy and intelligence policy, explained, “We’re facing industrial espionage on an industrial scale. If espionage is not the oldest business in the world, it’s the second oldest.”

    While he admits healthcare may not top the list in terms of incidents or breaches, it’s ahead on four unwanted scores:

    • Highest percentage of incidents
    • Highest number of incidents by stolen assets
    • Loses more information
    • Very high ratio of incidents to breaches.

    These combine into an uncomfortably high success rate, with cyber-attacks succeeding more often than not.

    Tangible actions organisations can take to reduce vulnerabilities include dealing with privilege misuse and BYOD, which Brenner caustically calls ‘Bring Your Own Disaster.’ They should also recognise that not everyone needs access to everything. “It’s about training your people repeatedly,” Brenner said. “You don’t need a big plan, no one opens that manual in times of crisis. You need a simple checklist.”

    Unbroken cyber-security’s essential too. Unfortunately, most organisations can’t afford it and don’t trust a vendor enough to tackle the problem. Information silos offer an equally pressing challenge. Brenner says high-level executives are part of the problem and the solution. “Unless someone high level in these siloes comes in with a baseball bat,” Brenner said, “it’s not going to be solved.” 

    Africa’s health systems can learn from the US’s experience. Putting in place easy checklists for cyber-security measures and continuously training staff may be two simple steps, but they go a long way in keeping eHealth secure. They’re essential components of cyber-strategies, so why wait until the strategies and plans are in place? Checklists and training can be set up now.

  • A ransomware guide sets out the steps to recovery

    Many healthcare organisations are inexperienced and under-resourced in coping with ransomware attacks. A guide from KnowBe4, Ransomware Hostage Rescue Manual, sets out technical descriptions of the actions for responding to and recovering from an attack. It also details the preventative measures needed. Africa’s health systems, eHealth governance teams and technical eHealth teams should use it as a core reference before their organisations are attacked.

    Its themes include:

    • A description of ransomware and Bitcoins, the ransomware currency, and The Onion Router (TOR), a network and browser that enhances and anonymises Internet traffic
    • How to identify an infection from symptoms, and Infection Vectors of emails, drive-by downloads and free software downloads to avoid
    • How to respond to an infection
      • Disconnect
      • Determine the scope
      • Identify the ransomware strain
      • Evaluate response option of restore, decrypt or do nothing
      • Negotiate or pay the ransom
    • First, restore from backup or shadow volume
    • Second, try decryption
    • Third, do nothing and lose the files
    • Fourth, negotiate or pay the ransom
    • Fifth, review the ransomware attack response checklist
    • Learn and protect from future attacks with improved:
      • Defence in depth
      • Security awareness training
      • Simulated attacks
      • Antivirus, antispam and firewalls
      • Backups
    • Implement better cyber-security resources, including a ransomware attack response checklist and a ransomware prevention checklist.

    Applying the guide needs someone with ICT skills. It’s appropriate for someone in each of Africa’s health systems’ ICT teams to take responsibility. They should be accountable to an executive, who in turn should report on progress, risks and actions to eHealth governance teams. Where these are already in place, the Ransomware Hostage Rescue Manual offers an opportunity for a comprehensive review of the effectiveness of the arrangements.

  • India’s planning eHealth laws to tackle data breaches

    As cybercrime expands and eHealth becomes more affected and infected, India’s planning legislation for comprehensive civil and criminal remedies for eHealth data breaches. It’ll also set up an enforcement agency. Provisions are being drafted to deal with any breach of patients’ data.

    A report in the Times of India says the legislation will include a comprehensive legal framework to protect individuals’ eHealth data, ownership of eHealth data, and health data standardisation for data collection, storage and exchange. African countries could benefit by monitoring India’s initiative as a comparator for their own eHealth legislation and regulation.

    Much of Africa’s eHealth is in its infancy, so most African countries don’t have specific eHealth regulations. In 2012, a study for the European Space Agency (ESA), led by Greenfield Management Solutions (GMS), identified a 45% gap in Africa’s eHealth regulation compared to developed countries. Not much has changed since then. eHNA reported previously on Africa’s eHealth regulatory perspectives. Much more remains to be done, but it must not stifle innovation.

  • Kenyan government’s hacked

    It’s not only the frequency of cyber-attacks in Kenya. It’s the size and sophistication of these assaults that have government and businesses on edge. The hacking of Kenya’s Government in November 2016 has highlighted the increasing attacks in the country and spotlighted the vulnerabilities and losses to government and online businesses. An article in Arbor Networks says the losses are a staggering US$146m a year.

    It has attributed this to the major increase in connected devices. “Kenya and its surrounding countries have continuously attracted nefarious activities by cyber criminals, and the proliferation in distributed denial-of-service (DDoS) attacks in the region is today as much a reality as it is globally,” says Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks. Infonetics Research rates it as the world’s leading provider of DDoS protection in enterprise, carrier and mobile markets.

    Paul Roy Owino, president of Information Technology, Security and Assurance (ISACA), says Kenya has recorded up to 3,000 cyber-related crimes a month. They include banking fraud, money transfer using M-pesa and interference with personal data.

    Mark Campbell, consulting engineer for sub-Saharan Africa, highlights another security risk. Many IoT devices run on Open Source (OS) operating systems, mainly because they’re cheaper to develop, so more affordable and with a shorter time frame from development to use. “However, the result is that the code is poorly written with numerous security vulnerabilities. Of course the majority of users do not have the time, patience or expertise to test these for vulnerabilities, making many IoT devices, including our home appliances, a threat actors’ dream,” says Campbell.

    Although government sites are generally not built solely for commerce, Hamman warns that when cyber-criminals take sites offline they often do it as a smokescreen for more devious behaviour. He says, “Whilst site owners are distracted by their website being down, cyber criminals use this shift in focus to create a more threatening and targeted DDoS attack on the company or institution with the purpose of infiltrating the network and holding the victims to ransom for money or political motivations, or to steal valuable data and intelligence, such as flight plans for private or military planes, amongst others.”

    Hamman warns that:

    • Security is a multi-layered problem and continuous process
    • A one size fits all security solution doesn’t exist
    • Preparation is key
    • When under attack, every second counts
    • Organisations need people, policies and processes in place so actionable intelligence and a practiced workflow to investigate a breach are kicked off immediately
    • Organisations need pervasive visibility across their fixed, mobile and cloud networks feeding into a threat management solution
    • Never assume that a single breach or compromise was it, so it’s over, because a DDoS attack is almost always part of a wider cyber-crime strategy, so the right tools must be in place to understand the breadth and scope of the breach.

    Cyber-security has become a major requirement for successful eHealth. With complex attacks on the rise, it’s more important than ever for healthcare organisations to have policies and strategies in place to protect their data and specify what they must do in response to a breach.