Hospitals are at a high risk of cyberattacks, but patients don’t realize it

level 1

This is true from what I have observed. Hospitals are severely underfunded when it comes to both infrastructure ("If it works, just keep using it") and cybersecurity awareness training.

level 2

The bigger issue is hospitals are 24/7 and "security" just disrupts workflow. They believe if the FDA didn't mandate it they don't need it. Which is how all the med devices are certified.

level 2

Underfunded or profits mismanaged?

level 1

This is currently my life, got dropped into a situation where I am network engineer, cyber security analyst, help desk, VoIP admin, and classic sysadmin all in one in a hospital. I've literally never seen a worse infrastructure in my life.

level 2

Did the users all have local admin when you started? That wouldn't even surprise me.

level 2

You poor soul. May Kernel have mercy.

level 1

BuT fAX iS SecUrE!

-- Every public institution in my Country

level 2

Honestly though now that I'm thinking about it, is there a man-in-the-middle method for intercepting faxes? I feel like they'd be harder to intercept than a network connection. But I don't actually know for sure.

level 1

What can I say, last time I visited one of the hospitals in Dublin, Ireland (a good few months after the Irish HSE got hacked btw) I saw a big glaring "your Telnet connection has been terminated" in the middle of one of the screens that the doctors were using. Soooo, I mean...

level 1

It’s scary, really. You need to be able to trust in the care provider and their ability to maintain normal operations. You don’t want to be the unlucky patient relying on a consistent drip from an infusion pump that gets compromised.

Sadly most operations almost have an “it’s not a problem until it is” mentality with security. You wouldn’t hold off on installing locks when building a new home, would you?

level 1

For years I thought since they had a bigger IT staff they were more secure than the place I was at. Now that I know more I'm shocked that every hospital hasn't been ransomwared.

level 1

You have no idea. I don’t know what’s worse, the infrastructure or the users.

level 1

That’s because they don’t understand, or care to understand. They bury their heads in the sand.

level 1

Oh I realize it. They notoriously use common passwords that are connected to your body.

level 1

This is one (small) reason I’m retiring early. As IT in healthcare this shit is getting more dire than I’m willing to deal with.

level 1

Yep, especially when they have IT staff who don’t think they should apply security updates because they don’t think they apply. Or companies that don’t layer their security, the list could go on about the incompetence that goes on at the IT departments for hospitals and clinics.

level 1

"We got hacked and they got your bank info, SSN, and medical records. Here's a year of free credit monitoring."

level 2

Please explain to me how blockchain should replace fax, telnet, and troves of outdated security practices.

Work from a problem back to a solution. Don't grab a solution and look for a problem.

level 1

Who here works for Healthcare IT?

How many staff are there in your InfoSec / Cybersec Team, and how many beds do you serve?
