Security researcher Sai Krishna Kothapalli has detailed, in a blog post on Medium, how easy it is for anyone to access the medical records of patients across states and hospitals, both government and private, in India. The researcher also explains how these data can be exploited by hackers to carry out phishing attacks.
Commenting on this, Adam Palmer, Chief Cybersecurity Strategist at Tenable, said, “Healthcare organisations are a target for cyberattacks because of the wealth of personal and sensitive data they store. As healthcare organisations adopt dynamic technologies like cloud, web applications and IoT amongst others, it dramatically expands the attack surface, making them more vulnerable to cyberattacks.
The healthcare ecosystem encompasses a highly distributed architecture, some of which is managed by third-party manufacturers to improve functionality and collaboration. Examples of this include smart connected HVAC, lighting, and humidity controls. The ramification of having multiple access points is that, if a supplier is breached, the bad actor might be able to permeate and traverse across to other connected systems into hospital networks.
In today’s digital-everything world, healthcare organisations must be able to understand where they are exposed and to what extent. This includes mapping and managing third-party risks. With confidential information at stake, it’s imperative that security teams within hospitals segment networks, isolate privileged accounts and regularly review their security posture to ensure controls are in place to comply with privacy regulations and security standards. By managing these risks, healthcare organisations will be able to benefit from safer and more efficient care.”