• Cybercrime
  • USBs are a cybercrime risk

    A cyber-security campaign by two researchers, Karsten Nohl and Jakob Lell, has led them to sharing online the computer code, the BadUSB flash, which can turn almost any device that connects using a USB into a cyber-attack platform. Their goal is to force electronics firms to improve defences against attack by USB. The BBC technology site has commentary on their altruistic activities.

    They discovered that the weakness is in the on-board software, the firmware. It tells a computer what kind of a device is being plugged into a USB socket. There’s a way to subvert this and install attack code. Two other researchers, Adam Caudill and Brandon Wilson, have completed their reviews of BadUSB too, and produced code to exploit it. It now seems well understood, but the fix may be difficult to deal with. It seems that the problem is structural because the standard used is not robust enough, and individual vendors can change it.

    With numerous USBs often switched between laptops and other devices, African countries need rigorous control of users’ habits as well as looking for secure USB devices. This is quite a challenge with the wide range and uses of USBs.

  • Healthcare's in the thick of cybercrime

    It’s well-understood that cyber-crime is not going away and that cyber-security is becoming more important. The impact of cyber-crime on healthcare may be a little less clear. A special report on cyber-security in The Economist makes it explicit.

    It has eight parts:

    Defending the digital frontier Cyber-crime Vulnerabilities Business Critical infrastructure Market failures The Internet of Things (IoT) Remedies.

    A stark number for eHealth is the table on average costs of data breaches per record in 2013. Healthcare is the most expensive at about $350m, well ahead of education at less than $300. The financial sector is just over $200 per record. The numbers are from the Ponemon Institute.

    These costs derive from about 822m breaches in 2013. This is from Risk Based Security’s survey.

    Alongside this, there are more cyber-criminals, they’re increasingly professional and they’re better organised. They’re the biggest threat. Other types, such as hacktivists, have different goals that can damage organisations’ reputations.

    IoT expansion creates new cyber-crime opportunities. Cisco forecasts the number of connected IoT devices to grow from about 15m in 2014 to 50m in 2020, about a 230% increase. Cyber-criminals may have trouble with their keyboard skills while they’re rubbing their hands in anticipation. Many of these IoT devices are in healthcare, such as insulin recorders and other medical monitoring devices. Some of these have been hacked already.

    What’s to be done? The report proposes sound, basic strategies, such as prevention is better than cure, and security hygiene, and incentives for compliance. Secure data storage is a vital part of cyber-security. The ability to think like a cyber-criminal isn’t a bad trait too.

  • Ghana's fight against cyber-crime steps up

    Cyber-crime’s a global phenomenon with national, local and personal impacts. eHealth News Africa (eHNA) has reported on the escalating cyber crime activity in Ghana which has become a source of serious concern to the public and government.

    Police in Ghana recently arrested a 26-year-old undergraduate student for allegedly defrauding people through a hoax online organisation tempting Ghanaian students with foreign scholarships. Six cybercriminals from Nigeria were arrested for possessing Presidential letterheads, and templates from the Interior Ministry, the High Court and other state institutions. They allegedly used these to defraud people.

    Technology analyst John-Osei Seidu told Biztechafrica that cyber-crime is out of control and that the government is quickly running out of ideas on how to address the issue. These activities are prevalent in all countries, and preventing them is challenging. In an attempt to curb these growing cyber-crime activities, the Ghanaian government is planning to introduce a National Cyber Security Strategy. Its aim is lay a foundation to fight the country’s rising cyber-crime. It’s a good opportunity to incorporate eHealth regulatory and ICT tools and good practices to help to ensure the personal health data is protected.

    Kenya introduced its Cyber Security Policy currently steered by the ICT Authority through the National Cyber Security Master Plan (NCSMP). Kenya has taken the first step towards building a cyber security framework to suit Kenya’s unique cyber threats.

  • Cyber-crime: a continuing threat

    Mobile devices continue to be in the spotlight as the latest criminal target. According to the 2013 Trustwave Global Security Report, there was a massive 400% increase in mobile malware in 2012.

    A recent report by Gartner lists the top three most sought-after cloud services for 2014. They are:

    email security web security identity and access management.

    With cybercrime not showing any signs of slowing down, cybercriminals will continue to find new and innovative ways to attempt to access information. Companies globally are increasing their security protocols to secure and protect their data. The biggest risk for eHealth in Africa is that these threats are not recognized and that the appropriate security measures are not in place to protect personal health information.

  • Most health data breaches are cyber-crimes

    Alarmingly, over the last decade, most health data breaches are by hackers and cyber criminals, says data security firm ID Experts in its report A Decade of Data Breach – An Evolution, a USA data security firm. It identifies 12 privacy and security trends that need attention by healthcare organizations.

    American Medical News and iHealthBeat have commentaries on the report that identifies 12.5 million victims of identity theft, compared to 5 million in 2003. ID Experts attribute the increase partly to the changing nature of health data security breaches. Human error used to be the main cause. Now, hackers and cyber criminals are targeting personal health information that is valuable and relatively easy for thieves to access. Rick Kam, president and co-founder of ID Experts says, “Criminals essentially are finding ways into those systems to go after very specific pieces of data, and using data to create bigger frauds.”

    Kam says surveys show that 94% of health care organizations have had at least one data breach in the last two years. American Medical News says the increasing use of mobiles and more data stored on unsecured smartphones, laptops and tablets create increased criminal opportunities and risk for healthcare organizations.

    This exposure for Africa is included in Greenfiled’s eHealth Regulatory Summary Report.