Cyber security news round-up

Digital Health’s latest cyber security round-up looks at industry news from the healthcare world and beyond, including research suggesting that Britain is days away from ‘anarchy’ and details of a cyber-attack on National Lottery owners, Camelot.

Healthcare security incidents tripled in 2017

The global healthcare industry saw a 210% increase in the number of cyber security incidents in 2017, according to McAfee.

The internet security firm found that, while incidents fell by more than three-quarters in Q4, the number of overall incidents skyrocketed last year as hackers looked to exploit weaknesses in vulnerable healthcare IT infrastructure.

Christiaan Beek, McAfee lead scientist and senior principal engineer, said: “Healthcare is a valuable target for cybercriminals who have set aside ethics in favour of profits. Our research uncovered classic software failures and security issues such as hardcoded embedded passwords, remote code execution, unsigned firmware, and more.

“Both healthcare organisations and developers creating software for their use must be more vigilant in ensuring they are up to date on security best practices.”

US medical software suite vulnerable to hacks

Cyber security firm Rapid7 claims to have discovered two security vulnerabilities impacting software suite used by clinicians in the US.

The vulnerabilities were found in the QuicDoc & Office Therapy software suite, a medical billing and documentation platform used in mental health settings, addiction clinics and family centres.

According to Rapid7, both vulnerabilities exploit back-end attacks to gain access to sensitive patient information, including names, addresses and social security information, as well as prescription information, photographs and clinical notes.

Computer Weekly reports that, while the software’s developers, DocuTrac, was made aware of the exploits in January, no patch for the software had been issued by the time Rapid7 went public with the vulnerabilities on 14 March.

Cops cough up cash for cyber

Research exploring how UK authorities are preparing for the growing cyber threat has revealed that British police forces have spent over £1.3 million training for cyber security incidents in the past three years.

Freedom of Information (FOI) requests sent to every police force in the UK by think tank Parliament Street showed that forces have spent a total of £1,320,341 training nearly 40,000 officers and staff since 2015.

North Wales Police spent the most in its attempts to make the force cyber-savvy, coughing up over £375,000 between 2015 and 2017. This was followed by West Mercia and Warwickshire Police (£125,633) and Lincolnshire (£119,834).

The Port of Dover Police, however, was revealed to have offered no cyber-crime training whatsoever during the specified period.

In a summary of its findings, the think tank said: “Whilst occasionally police forces are working together to develop cyber crime training programmes, the clear majority are working alone in this process.

“Whilst we appreciate that individual forces have varying challenges in terms of crime, headcount and volume of citizens to protect, it would make sense to develop a more standardised approach to cybercrime strategy.”

UK ‘four meals away’ from chaos in event of cyber-attack

A cyber-attack that took down the National Grid would throw Britain into chaos in a matter of days, according Cambridge researchers.

The alarmist comments come from the university’s Centre for the Study of Existential Risk, which describes itself as being “dedicated to the study and mitigation of risks that could lead to human extinction of civilizational collapse”.

Speaking to the Telegraph, Julius Weitzdorfe, who studies so-called “black sky hazards” including natural and man-made disasters that could wipe out power supplies, a cyber-attack that left the UK without power would quickly lead to civil collapse as food, water and fuel supplies dwindled.

He claimed that such an attack could leave Britain “in the Stone Age”, telling the paper: “There’s one thing that modern society has come to reply on completely, apart obviously from air, and that’s electricity.

“Without electricity, modern life would grind to a halt and the complexity of modern society is such that if you take out one or two little pieces of the jigsaw, the whole thing collapses.”

Unlucky numbers

National Lottery players were urged to change their login details after owner Camelot was subjected to what it described as a “low-level” cyber-attack on 16 March.

Hackers were able to access users’ accounts after a list containing players’ passwords was published online, a spokesperson told the BBC.

Camelot alerted players to the breach in an email. It read: “As part of our regular security monitoring, we have seen some suspicious activity on a very small number of players’ accounts. We have directly contacted those players whose accounts have been affected.

“We are advising you to change your password as a precaution, particularly if you use the same password across multiple websites”.