How Russian, Chinese Hackers Steal Your Medical Data

Russian hackers released confidential medical information about Simone Biles and dozens more 2016 Olympic athletes, the World Anti-Doping Agency disclosed. Other Russian-leaked documents allege that Serena Williams has used drugs commonly used to treat muscle injuries, such as anti-inflammatories. Image: Evgeny Tchebotarev, CC BY 3.0

“It’s not even hacking. It’s walking into an open door.” – Jackie Singh, Spyglass Security

‘Medical privacy’ is a total myth

Sep 18, 2019

Mother Jones – Medical images and health data belonging to millions of Americans, including X-rays, MRIs, and CT scans, are sitting unprotected on the internet and available to anyone with basic computer expertise.

The records cover more than 5 million patients in the U.S. and millions more around the world.

In some cases, a snoop could use free software programs—or just a typical web browser—to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.

We identified 187 servers—computers that are used to store and retrieve medical data—in the U.S. that were unprotected by passwords or basic security precautions.

The computer systems, from Florida to California, are used in doctors’ offices, medical-imaging centers, and mobile X-ray services.

The insecure servers we uncovered add to a growing list of medical records systems that have been compromised in recent years.

Unlike some of the more infamous recent security breaches, in which hackers circumvented a company’s cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for businesses and government agencies.

“It’s not even hacking. It’s walking into an open door,” said Jackie Singh, a cybersecurity researcher and chief executive of the consulting firm Spyglass Security.

Some medical providers started locking down their systems after we told them of what we had found.

Our review found that the extent of the exposure varies, depending on the health provider and what software they use.

For instance, the server of U.S. company MobilexUSA displayed the names of more than a million patients—all by typing in a simple data query.

Their dates of birth, doctors, and procedures were also included.

Alerted by ProPublica, MobilexUSA tightened its security last week. The company takes mobile X-rays and provides imaging services to nursing homes, rehabilitation hospitals, hospice agencies and prisons.

“We promptly mitigated the potential vulnerabilities identified …”

China’s hackers are ransacking databases for your health data

Aug 21, 2019

WIRED – In May 2017, the WannaCry ransomware spread around the globe.

As the worm locked Windows PCs, the UK’s National Health Service quickly ground to a halt. 19,000 appointments were cancelled, doctors couldn’t access patient files and email accounts were taken offline.

But North Korean hackers behind WannaCry didn’t touch one thing: patient data. No personal information was stolen, the NHS has concluded. The cyberattack was purely to cause disruption and an attempt to earn the hermit state some much-needed cash.

The same can’t be said for China. New analysis has indicated that state-sponsored hackers from the country are targeting medical data from the healthcare industry.

Research from security firm FireEye has identified multiple groups with links to China attacking medical systems and databases around the world. These attacks include incidents in 2019, but also date back as far as 2013.

Increasingly the company says it is seeing the country’s hacking groups attempting to obtain data that’s used for studying medical conditions.

“There’s a prevalence of multiple Chinese groups over the last several years, and continuing in what we see today, targeting medical researchers in particular,” says Luke McNamara, a principal analyst at FireEye who worked on the research.

“There seems to be a particular focus among some of that activity that is on entities whose primary focuses is cancer research,” McNamara says.

FireEye doesn’t name any of the organizations that have been targeted but places blame on known hacking groups – called advanced persistent threats (APT).

The company says the Chinese-linked APT41, APT22, APT10 and APT18 have all been seen trying to obtain medical data in recent years.

In April 2019, FireEye claims Chinese cyber espionage actors targeted a US-based healthcare center that specialises in cancer research …