Kaspersky: PH top APAC country with most number of attacks on medical devices

Yangon, Myanmar — Legacy and open source systems, outdated software, and vague, or the lack thereof, security postures are just few of the reasons the Philippines — as well as other countries — is the top Asia Pacific country that recorded the most number of attacks against medical devices in the healthcare industry. It placed second globally after Venezuela.

These are the findings of the cybersecurity firm Kaspersky presented at its annual Cybersecurity Weekend 2019, which also shed light on the reasons cybercriminals are showing great interest in the medical sector.

Based on its collected data, Kaspersky found out that 7-in-10 of medical machines in Venezuela (77%), the Philippines (76%), Libya (75), and Argentina (73%) have become entry points for hackers to infiltrate hospital and pharmaceutical networks.

Two more countries in APAC were in the Top 15 nations with the most number of detected infections and these are Bangladesh (58%) and Thailand (44%).

Yury Namestnikov, Director of Global Research and Analysis Team, Russia, Kaspersky Lab, highlighted how clicking on a malicious link in a phishing email can lead to a cyber attack.

He also explained how outdated software or discontinued support services for Microsoft Office and the like could expand a network’s vulnerability. Office tops the list of exploit targets against medical organizations, which also includes web, USB, and (outdated) Android devices.

“Please patch (your) Office (systems),” advised Namestnikov. “All hacks lead to that.”

Network servers are not the only attack surface for hackers. Majority of the attacks are coursed through end-users’ computers, mobiles and tablets, IoT gadgets, as well as hospital machines that are connected to the internet inside a healthcare facility.

Nametsnikov said lumping all medical equipment into one network or cloud system could be disastrous. He noted the significant role USB sticks in the astounding number of web threats in the Philippines.

““These devices that are in medical organizations, they got infected because people who are responsible for the architecture of IT systems in medical organizations, they do not separate the networks,” he said. “The right way to solve this problem is to review the architecture for how you design your medical network and separate computers that should not be visible from the internet. It will help a lot.”

While hospitals and medical institutions have learned their lessons after the Wannacry ransomware attack in 2017, cybercriminals have shifted their target on pharmaceutical companies.

“As of 2019, pharmaceutical companies have fallen victims with 49% of attacks on devices compared to 44% in 2017 and 45% in 2018,” Namestnikov said.

Pakistan is No. 1 on the list with 54% recorded attacks on its pharmaceutical companies. In APAC, Indonesia tops the list (46%) and placed fourth globally. APAC dominated the list with India (45%), Bangladesh (42%), and Hong Kong (39%) rounding up the countries in the region. Brazil, Egypt, Mexico, Peru, and Spain complete the top 10 list.

In 2019, APT (advanced persistent threat) groups such as Cloud Atlas and APT10 (MenuPass and a Chinese-speaking APT) have set their sights on medical universities, research, and clinics as potential targets.

Namestnikov said medical institutions need to rethink their cyber hygiene and start security awareness from the ground up.

“Organizations should at least do a minimum of cybersecurity,” Namestnikov said.