25 September 2017

Computer security in medicine

How attackers make money on the computer illiteracy of doctors

RIA News

Information leakage through the Internet has turned from a threat to security services into a nightmare for any user. Going online has become a familiar, routine action, both for work and for entertainment. However, by neglecting security rules, a user can bring trouble not only on himself but also on the company where he works. The correspondent of RIA "Nauka" talked with Denis Makrushin, a technology expert at Kaspersky Lab, to find out all about the possible risks associated with Internet scammers and medicine.


– Denis, tell us, what is the security threat to medical institutions?

– Polyclinics are switching to a digital mode of operation, because it is much more convenient to store files online than to create paper archives. Doctors store patient data on a computer from which they access the Internet not only for work, but also sometimes for personal matters.

Thus, attackers have the opportunity to gain access to data and steal it. Leakage of a patient's personal medical information is punishable by the Criminal Code, so the simplest thing a criminal could do is extort money from a polyclinic in exchange for non-disclosure of the patient's personal data.

But with the advent of medical devices connected to the network, for example, MRI, cardiographs, various diagnostic equipment, scammers have found another way to earn money. They infect the device with malware (viruses) and demand money in exchange for its "treatment" or unblocking. Such equipment is quite expensive, and the clinic is forced to obey the demands of criminals.

– Won't the antivirus protect the system from hacking? There are many other industries where you can earn a lot from speculating on information. Why exactly is medicine subjected to such active attacks by "hackers"?

– To begin with, contrary to the "Hollywood fairy tales", attackers are rarely professional hackers. It is much easier and more profitable to make money on the negligence of ordinary users than to fight with protected systems where specialists in this matter work. In my opinion, the problem of information leakage in medical institutions is that doctors are not yet very well versed in computer technology. They are not accustomed to following certain rules, and they do not know how to react when they "catch a virus". Attackers take advantage of the honesty, inattention or ignorance of people who operate medical equipment. Large organizations have security specialists who can help and teach all employees the rules of "network hygiene". But in small firms, a single system administrator is responsible for everything, and sometimes does not even have sufficient qualifications to monitor security.

No antivirus software will help if the doctor follows links without hesitation, does not examine downloaded files and posts the password to the computer or device in a prominent place. Only the information literacy of people, together with the use of antivirus software, is able to protect the world from such criminals. The computer literacy of each user, the availability of qualified security specialists and antivirus software: only together will they protect against information leakage or hacking.

– If there are criminals, then there are fighters against them. Where and how are people trained to resist online scammers?

– Everything is ordinary here as well – they study at technical universities in the departments of information security. And then we find them on career forums, such as, for example, Fresh Technical, which, by the way, opens on Monday at Tverskaya, 7. Such forums are an opportunity for us to find really worthwhile guys, and for the guys themselves to get a job in our company. In addition to us, there are companies such as Sukhoi, Microsoft, NES, Digital Economy League and others. Then we teach graduates that it is much easier to prevent leakage or infection of the device than to deal with problems later. Students learn to control incoming and outgoing information and acquire practical skills in protecting the corporate perimeter.

– Let's say the information leak did happen. Is it possible to find the culprit?

– Of course, there are specialists who are looking for Internet intruders. They are able to find the way in which the information has gone, with the help of a set of specific measures. And yet it is much easier and cheaper to prevent loss than to identify a fraudster. The latter appear by the hundreds every day, and the search for even one can take considerable time and resources.

– What advice will you give to users to protect personal and corporate information?

– It's enough just to train yourself to be a little "paranoid" about security. Passwords must be at least 10 characters long and contain letters, numbers, and symbols. They must be changed every three months. Carefully check the correspondence received, and do not follow suspicious links from strangers. If the link leads to a third-party website or application, do not open it. If you need to access the Internet from your work laptop via "public" Wi-Fi (in the subway or cafe), you should refrain from texting.

Portal "Eternal youth" http://vechnayamolodost.ru  25.09.2017

