
Wednesday, April 2, 2025

Legacy Medical Devices Remain Easy Targets for Cyber Threats

 

Do you think that your health data is secure?


Most people don't really think about this question. But imagine, what would you do if your health data ended up on the internet one day? Once it's exposed, you can't undo it. That's scary and disturbing, isn't it?


Anyone who has worked with medical systems knows that it is quite difficult to patch the vulnerabilities on these systems. The main reasons are: 1) Many of the systems run on outdated software that no longer supports new patches. 2) Updates are too risky because they can interrupt care or cause devices to fail during use. So, many of these devices stay unpatched and highly vulnerable to cyber attacks.


Researchers from Claroty's Team82 analyzed over 2.25 million Internet of Medical Things (IoMT) devices and more than 647,000 operational technology (OT) devices across 351 healthcare organizations. They found that 99% of these organizations had vulnerabilities with publicly available exploits, as listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. (Yes, 99%. We can say (almost) "all of them".)


You can find the report at the following link:

https://bit.ly/4j1es7d


https://bit.ly/3FOYOgp


Headlines:

"...the firm was able to analyze the security state of more than 2.25 million IoMT devices and more than 647,000 OT devices across 351 healthcare organizations – and found that 99% of the organizations are vulnerable to publicly available exploits..."


Tuesday, February 4, 2025

Chinese AI DeepSeek Database Is Exposed


A database belonging to the Chinese company DeepSeek AI was recently exposed, and over 1 million log lines and secret keys were leaked.


Choose your AI wisely. Choose your software wisely. Cheap software might end up costing you far more in the long run. While no choice is entirely risk-free, it's best to use software from countries that uphold strong democratic values, justice, and human rights. Your data is being collected and sold to third parties. This is almost unavoidable. If it must happen, it's (relatively) safer in the hands of democratic countries. (Consider it the lesser of two evils.)


https://bit.ly/4hmIqBQ


[Headlines]


"Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.


The ClickHouse database 'allows full control over database operations, including the ability to access internal data,' Wiz security researcher Gal Nagli said.


The exposure also includes more than a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information, such as API Secrets and operational metadata. DeepSeek has since plugged the security hole following attempts by the cloud security firm to contact them.


The database, hosted at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, is said to have enabled unauthorized access to a wide range of information. The exposure, Wiz noted, allowed for complete database control and potential privilege escalation within the DeepSeek environment without requiring any authentication."


"Furthermore, DeepSeek's apps became unavailable in Italy shortly after the country's data protection regulator, the Garante, requested information about its data handling practices and where it obtained its training data..."


"Bloomberg, Financial Times, and The Wall Street Journal have also reported that both OpenAI and Microsoft are probing whether DeepSeek used OpenAI's application programming interface (API) without permission to train its own models on the output of OpenAI's systems, an approach referred to as distillation."

Wednesday, January 15, 2025

UN Aviation Agency ICAO Confirms Recruitment Database Security Breach

Hackers target a broad spectrum of organizations for their attacks, from telecom companies to hospitals. This time their victim was the United Nations.

Approximately 42,000 records were stolen from the database of the United Nations' International Civil Aviation Organization (ICAO).


https://bit.ly/3PBiOVx


"The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database."


"According to Natohub's claims, the allegedly stolen documents contain names, dates of birth, addresses, phone numbers, email addresses, and education and employment information.

Another threat actor said the leaked archive contains 2GB of files with information on 57,240 unique emails."


"'The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,' ICAO said."


"Threat actors also hacked UN networks in Vienna and Geneva in July 2019 using a Sharepoint exploit, gaining access to staff records, health insurance, and commercial contract data."

Sunday, December 1, 2024

Cyber Attacks on UK Drinking Water Supplies

Cybersecurity is paramount for all sectors, especially those critical to our infrastructure. The consequences can be catastrophic if critical infrastructures are compromised by cyberattacks. Imagine the chaos that would ensue if you were without water for even three days.


A record number of cyber incidents impacted Britain’s critical drinking water supplies in 2024 without being publicly disclosed.


https://bit.ly/4fRV0s2


"Across all regulated critical national infrastructure sectors, more NIS incidents have been reported this year than ever before, with the transport and drinking water sectors the most impacted. In 2024, there were at least six incidents affecting drinking water infrastructure, according to data collected by Recorded Future News using the Freedom of Information (FOI) Act. In previous years there were no more than two."

Wednesday, November 6, 2024

San Joaquin County Superior Court Cyber Attack

 

Another cyber incident about JoIP (Justice over IP).

But first recall this:

https://bit.ly/40FHQK5


Cybercriminals can target any system connected to the internet, regardless of its importance or sensitivity. From personal devices to critical infrastructure, no system is immune, including justice systems which rely on an IT infrastructure.


Last week, a cyberattack disrupted operations at a California (USA) court, causing technological outages.


A pressing concern can arise among the public at this point: If cybercriminals can breach court systems, could they also manipulate critical legal documents?


Well... The answer is not easy to tell. While the exact extent of potential damage is difficult to assess, it is clear that such attacks pose a serious threat to the integrity of the justice system.


https://bit.ly/3CavMGg


"The attack knocked out all of the court’s phone and fax services, websites containing juror reporting instructions, the e-filing platform, credit card payment processing and more. Some jurors scheduled for this week were excused."


"The attack comes just months after the Los Angeles County Superior Court system was hit with a ransomware attack that caused identical issues for weeks..."


"Government bodies across California continue to face an unprecedented wave of cyberattacks affecting city, county and state-level services. On Thursday (31.10.2024), the Housing Authority of the City of Los Angeles confirmed it is facing its second major cyberattack in the last two years."

Tuesday, October 29, 2024

Landmark Data Breach


You can take the necessary cybersecurity countermeasures for your system, but will that be enough?

Of course not. Quite a few organizations overlook the security of their third-party service providers, which can lead to significant financial and reputational damage.


"Landmark, a Texas-based third-party insurance administrator, has disclosed a data breach that affects more than 800,000 individuals. The incident was detected in May; the compromised data include names, Social Security numbers, tax ID numbers, drivers’ license and state-issued identification card numbers, passport numbers, bank account and routing numbers, medical information, health insurance policy information, dates of birth, and/or life and annuity policy information..." (OMG! What else?)


See the link below for the summary of the breach:

https://bit.ly/3NQ28bP


https://bit.ly/3NJaEtj


"The Texas-based company works as a third-party administrator for insurance carriers like Liberty Bankers Insurance Group (LBIG), which includes American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company."


"The breach notification letters note that the first incident occurred on May 13, when an IT team discovered “suspicious activity” that required them to disconnect the affected systems and hire a third-party cybersecurity firm. 

An investigation revealed that “there was unauthorized access to Landmark’s network and data was encrypted and exfiltrated from its system.” The hackers were in Landmark’s systems from May 13 to June 17." (The hackers were in the system for more than one month.)


"Landmark told regulators in Maine that 806,519 people were affected in total but they also filed documents in California and Texas, warning that about 68,000 Texans were impacted.


Insurance companies and their partners or subsidiaries are frequent targets for cyberattacks eager to steal volumes of sensitive health-related data. Last week, insurance firm Globe Life told the U.S. Securities and Exchange Commission that it is being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary."

Wednesday, October 9, 2024

American Water Works Cyber Attack

Cyber security for critical infrastructure is really critical, and you need to understand this before you get hit by a cyber attack. Understand this before you are left without electricity or water. Take the cyber threats seriously and take countermeasures against them before it's too late.


American Water Works, a major water utility, was recently targeted by a cyber attack, the company announced in a statement. While the company reported that its water and wastewater facilities were not directly affected, the incident underscores the vulnerability of critical infrastructure to cyber threats. A successful cyber attack on a critical infrastructure provider could have severe consequences, including disruptions in essential services and potential public health risks. Investing in robust cybersecurity measures is essential to protect critical infrastructure and ensure the continued delivery of essential services.


https://bit.ly/4eNgl50


"The company’s MyWater account system is currently down, according to a notice on the company website, and all appointments set up by customers will be rescheduled. Additionally, all billing has been paused until further notice as they try to bring systems back online — there will be no late charges or service shut offs while systems are down."


"American Water Works provides drinking water, wastewater and other related services to an estimated 14 million people in 14 states as well as 18 military installations. From its regulated businesses, the company reported a net income of $971 million for 2023."


"American Water Works did not respond to requests for comment about whether they are dealing with a ransomware attack or if a ransom has been issued."


"The EPA (U.S. Environmental Protection Agency) said in May (2024) that in recent inspections, over 70% of water systems examined do not fully comply with the Safe Drinking Water Act and some 'have critical cybersecurity vulnerabilities, such as default passwords that have not been updated and single logins that can easily be compromised.'"

Tuesday, May 7, 2024

Vastaamo Hack: Therapy Notes Hacker Jailed for Blackmail

Julius Kivimäki, who is (was) one of Europe's most wanted cyber criminals, has been jailed for attempting to blackmail 33,000 people whose confidential notes he stole.

He broke into the database of Finland's largest psychotherapy company (Vastaamo). We saw once again the well-known but neglected fact: It's not important how big your company is. You can be hacked if you haven't taken the necessary countermeasures against cyber attacks.


Investigations found that the databases of the company were vulnerable and open to the internet without proper protections. Yes, it may sound unbelievable, but there may be too many similar companies in the world.


It is also worth mentioning that the boss of Vastaamo was convicted of failing to protect his customers' sensitive data (a 3-month prison sentence). Managers DO have to be aware that they also have a responsibility to protect the data of their customers. Otherwise they can face a prison sentence.


https://bit.ly/4abmYvl


"In terms of the number of victims, his trial was the biggest criminal case in Finnish history."


"He demanded a 400,000 Euro (£340,000) ransom from the company.


When it refused, he emailed thousands of patients asking for 200 Euros and threatening to publish their notes and personal details on the darknet which he did anyway in full."


"The boss of Vastaamo, Ville Tapio, was also convicted of failing to protect his customers' sensitive data.


Investigations found that the databases were vulnerable and open to the internet without proper protections.


He was given a suspended three-month prison sentence last year.


The company which was once a highly regarded and successful business in Finland collapsed after the hack."