I found a news article that shows a new scary security threat that has been discovered in the medical field. I could not read the news article as it says that I am out of free page views and now need to pay. I just found it on the default Firefox homepage of trending news stories, just only saw the excerpt. From the excerpt, it stated that the malware changes the image of what the CT scan machine is sending to the receiving computer, so that what the doctor or specialist sees is a false image showing that the patient has cancer. I was able to find other articles regarding the story of the CT scan malware that the researchers created. Here are a few. :
https://www.bbc.com/news/technology-47812475
http://www.digitaljournal.com/life/...-highlight-medical-device-risk/article/546990
https://gizmodo.com/researchers-demonstrate-malware-that-can-trick-doctors-1833786672
This is like another wave of fear for the IT Security Administrators working for the medical industry it seems like. The recent one was the ransomware attacks of 2017 and 2018, that targeted hospitals and medical institutions, and now this discovery of a possible threat that has been discovered regarding CT Scan malwares. The malware discovered from the researchers actually prompted the Department of Homeland Security to send out a cyber threat warning.
The worst part is that, "many electronic medical devices have been designed with hard-coded passwords that can enable hackers to modify their settings or install onto systems rogue firmware."(Digital Journal, April 3 2019). I am a graduate student, that is studying in the field of information, network, and computer security. From my knowledge of my current studies and my undergraduate studies, many professor have stated in my classes that securing devices with hard coded passwords is not only a nightmare for a IT Admin, but is also known to be much more expensive to secure compared to devices that allow admins to set passwords. I sometimes feel confused to why many medical device manufacturers use hard coded passwords, instead of enabling the IT Admin of setting a password. I also get confused to why can't hospitals switch their less secure medical equipments, to those made by manufacturers that make the more secure medical equipments, which allow the IT Admin to set the passwords. It is obvious in the world of IT and computer security that the medical industry is the major target for many adversaries, but why are the IT professionals that work in those industries don't understand, this is something absurd.
The ransomware attacks of 2017 and 2018 for sure was not the first time that a technological threat hurt the medical industry. I am not sure how many people remember or know about the following incident, but I learned about the following event during one of my undergrad classes. This tech threat event happened way back in the 1980's when a software called Therac 25 was used for conducting x-rays. This software, that was released in 1982, had a glitch that was only discovered after incidents that occurred in 1985 and 1987, where the glitch caused the X-ray machine to burn the patients with excessive radiation. This incident occurred like more than 30 years ago, and here we are today, where hospitals still have very vulnerable equipment.
What are your thoughts and opinions about this scary topic?
https://www.bbc.com/news/technology-47812475
http://www.digitaljournal.com/life/...-highlight-medical-device-risk/article/546990
https://gizmodo.com/researchers-demonstrate-malware-that-can-trick-doctors-1833786672
This is like another wave of fear for the IT Security Administrators working for the medical industry it seems like. The recent one was the ransomware attacks of 2017 and 2018, that targeted hospitals and medical institutions, and now this discovery of a possible threat that has been discovered regarding CT Scan malwares. The malware discovered from the researchers actually prompted the Department of Homeland Security to send out a cyber threat warning.
The worst part is that, "many electronic medical devices have been designed with hard-coded passwords that can enable hackers to modify their settings or install onto systems rogue firmware."(Digital Journal, April 3 2019). I am a graduate student, that is studying in the field of information, network, and computer security. From my knowledge of my current studies and my undergraduate studies, many professor have stated in my classes that securing devices with hard coded passwords is not only a nightmare for a IT Admin, but is also known to be much more expensive to secure compared to devices that allow admins to set passwords. I sometimes feel confused to why many medical device manufacturers use hard coded passwords, instead of enabling the IT Admin of setting a password. I also get confused to why can't hospitals switch their less secure medical equipments, to those made by manufacturers that make the more secure medical equipments, which allow the IT Admin to set the passwords. It is obvious in the world of IT and computer security that the medical industry is the major target for many adversaries, but why are the IT professionals that work in those industries don't understand, this is something absurd.
The ransomware attacks of 2017 and 2018 for sure was not the first time that a technological threat hurt the medical industry. I am not sure how many people remember or know about the following incident, but I learned about the following event during one of my undergrad classes. This tech threat event happened way back in the 1980's when a software called Therac 25 was used for conducting x-rays. This software, that was released in 1982, had a glitch that was only discovered after incidents that occurred in 1985 and 1987, where the glitch caused the X-ray machine to burn the patients with excessive radiation. This incident occurred like more than 30 years ago, and here we are today, where hospitals still have very vulnerable equipment.
What are your thoughts and opinions about this scary topic?
Last edited: