ProHoster > Blog > Administration > Large FAQ on the cybersecurity of medical information systems

Large FAQ on the cybersecurity of medical information systems

Analytical review of cybersecurity threats to medical information systems relevant in the period from 2007 to 2017.

– How common are medical information systems in Russia?
- Can you tell us more about the Unified State Health Information System (EGSIZ)?
– Can you tell us more about the technical features of domestic medical information systems?
– What is the situation with the cybersecurity of the domestic EMIAS system?
– What is the situation with the cybersecurity of medical information systems – in numbers?
Can computer viruses infect medical equipment?
– How dangerous are ransomware viruses for the medical sector?
– If cyber incidents are so dangerous, why do medical device manufacturers computerize their devices?
- Why did cybercriminals switch from the financial sector and retail stores to medical centers?
– Why have ransomware infections increased in the medical sector and continue to do so?
– Doctors, nurses and patients affected by WannaCry – how did it turn out for them?
– How can cybercriminals harm a plastic surgery clinic?
- A cybercriminal stole a medical card - how does this threaten its rightful owner?
– Why is the theft of medical cards in such a growing demand?
- How are the thefts of social security numbers related to the criminal industry of forgery?
– Today there is a lot of talk about the prospects and security of artificial intelligence systems. How is this going in the medical sector?
Has the medical sector learned from the WannaCry situation?
– How can medical centers ensure cybersecurity?

Large FAQ on the cybersecurity of medical information systems


This review was marked by a letter of thanks from the Ministry of Health of the Russian Federation (see screenshot under the spoiler).

Large FAQ on the cybersecurity of medical information systems

How common are medical information systems in Russia?

  • In 2006, Informatics of Siberia (an IT company specializing in the development of medical information systems) reported [38]: “MIT Technology Review periodically publishes a traditional list of ten promising information and communication technologies that will have the greatest impact on human life in the near future. society. In 2006, 6 out of 10 positions in this list were occupied by technologies related to medicine in one way or another. The year 2007 was announced in Russia as the “year of healthcare informatization”. From 2007 to 2017, the dynamics of healthcare dependence on information and communication technologies is constantly growing.”
  • On September 10, 2012, the information and analytical center "Open Systems" reported [41] that in 2012, 350 Moscow polyclinics were connected to the EMIAS (Unified Medical Information and Analytical System). A little later, on October 24, 2012, the same source reported [42] that at the moment 3,8 thousand doctors have automated workstations, and 1,8 million citizens have already tried the EMIAS service. On May 12, 2015, the same source reported [40] that UMIAS operates in all 660 state polyclinics of Moscow, and contains data from more than 7 million patients.
  • On June 25, 2016, the Profile magazine published [43] an expert opinion of the PwC international analytical center: “Moscow is the only metropolis where a unified system for managing city polyclinics has been fully implemented, while a similar solution in other cities of the world, including New York and London, is only under discussion”. Profile also reported that as of July 25, 2016, 75% of Muscovites (about 9 million people) were registered with EMIAS, more than 20 thousand doctors work in the system; since the launch of the system, more than 240 million appointments have been made with doctors; more than 500 thousand different operations are performed daily in the system. On February 10, 2017, Ekho Moskvy reported [39] that at the moment in Moscow more than 97% of medical appointments are made by appointment through EMIAS.
  • On July 19, 2016, Veronika Skvortsova, Minister of Health of the Russian Federation, stated [11] that by the end of 2018, 95% of the country's medical centers will be connected to the Unified State Health Information System (EGISZ) - by introducing a unified electronic medical record (EMC). The relevant law, obliging the Russian regions to connect to the system, has been publicly discussed, agreed with all interested federal agencies and will soon go to the government. Veronika Skvortsova said that in 83 regions they organized an electronic appointment with a doctor; a unified regional ambulance dispatching system was introduced in 66 subjects; medical information systems operate in 81 regions of the country, to which 57% of doctors have connected workstations. [eleven]

Can you tell us more about the Unified State Health Information System (EGSIZ)?

  • USSIZ is the root of all domestic HIS (medical information systems). It consists of regional fragments - RISUZ (regional health management information system). EMIAS, which has already been mentioned above, is one of the copies of RISUS (the most famous and most promising). [51] As explained [56] by the editors of the journal "Director of the Information Service", the USSIZ is a cloud-network IT infrastructure, the creation of regional segments of which is carried out by research centers in Kaliningrad, Kostroma, Novosibirsk, Orel, Saratov, Tomsk and other cities of the Russian Federation. Federation.
  • The task of the USSIZ is to eradicate the "patchwork informatization" of health care; by linking the MIS of various departments, each of which, prior to the introduction of the USSIZ, used its own custom-made software, without any unified centralized standards. [54] Since 2008, 26 industry-specific IT standards have been at the heart of the unified healthcare information space of the Russian Federation [50]. 20 of them are international.
  • The work of medical centers is largely dependent on HIS, such as OpenEMR or EMIAS. HIS provides storage of information about the patient: diagnostic results, data on prescribed drugs, medical history, etc. The most common HIS components (as of March 30, 2017): EHR (Electronic Health Records) is an electronic medical records management system that stores patient data in a structured form and maintains his medical history. NAS (Network Attached Storage) - network storage. DICOM (Digital Imaging and Communications in Medicine) is a standard for digital imaging and communication in medicine. PACS (Picture Archiving and Communication System) is an image storage and exchange system operating in accordance with the DICOM standard. Creates, stores and visualizes medical images and documents of examined patients. The most common of the DICOM systems. [3] All of these IIAs are vulnerable to well-designed cyberattacks, the details of which are publicly available.
  • In 2015 Zhilyaev P.S., Goryunova T.I. and Volodin K.I., technical experts of the Penza State Technological University, told [57] in their article on cybersecurity in the medical sector that EMIAS includes: 1) IMEC (integrated medical electronic card); 2) a citywide register of patients; 3) patient flow management system; 4) integrated medical information system; 5) system of consolidated management accounting; 6) a system of personalized accounting of medical care; 7) medical register management system. As for CPMM, according to the report [39] of Ekho Moskvy radio (February 10, 2017), this subsystem is built based on the best practices of the OpenEHR standard, which is the most advanced technology that technologically developed countries are gradually moving to.
  • The editors of the Computerworld Russia magazine also explained [41] that in addition to integrating all these services with each other and with the MIS of medical institutions, UMIAS is also integrated with the software of the federal fragment "EGIS-Zdrav" (EGIS is a unified state information system) and electronic governments, including public service portals. A little later, on July 25, 2016, the editors of the Profile magazine clarified [43] that UMIAS currently combines several services: a situation center, an electronic registry, an EHR, an electronic prescription, sick leave certificates, laboratory service and personalized accounting.
  • On April 7, 2016, the editors of the journal "Director of the Information Service" reported [59] that EMIAS came to pharmacies. In all Moscow pharmacies that sell drugs on preferential prescriptions, an “automated system for managing drug supply for the population” has been launched - M-Pharmacy.
  • On January 19, 2017, the same source reported [58] that since 2015, the implementation of a unified radiological information service (ERIS) integrated with UMIAS has begun in Moscow. For doctors who issue referrals to patients for diagnostics, flow charts have been developed for X-ray studies, ultrasound, CT and MRI, which are integrated with EMIAS. As the project expands, it is planned to connect hospitals with their numerous equipment to the service. Many hospitals have their own HIS, and they also need to be integrated. The editors of Profile also state that, seeing the positive experience of the capital, the regions are also infected with interest in the implementation of UMIAS.

Can you elaborate on the technical features of domestic medical information systems?

  • The information for this paragraph is taken from the analytical review [49] "Informatics of Siberia". About 70% of medical information systems are built on relational databases. In 1999, 47% of medical information systems used local (desktop) databases, with dBase tables in the vast majority of cases. This approach is typical for the initial period of software development for medicine and the creation of highly specialized products.
  • Every year the number of domestic systems based on desktop databases is decreasing. In 2003, this figure was only 4%. To date, almost no developer uses dBase tables. Some software products use their own database format; often they are used in electronic pharmacological reference books. Currently, the domestic market has a medical information system built even on its own DBMS of the "client-server" architecture: e-Hospital. It is difficult to imagine objective reasons for such decisions.
  • When developing domestic medical information systems, the following DBMS are mainly used: Microsoft SQL Server (52.18%), Cache (17.4%), Oracle (13%), Borland Interbase Server (13%), Lotus Notes/Domino (13%). For comparison: if we analyze all medical software using the client-server architecture, then the share of Microsoft SQL Server DBMS will be 64%. Many developers (17.4%) allow the use of several DBMS, most often it is a combination of Microsoft SQL Server and Oracle. Two systems (IS Kondopoga [44] and Paracelsus-A [45]) use several DBMSs simultaneously. All used DBMS are divided into two fundamentally different types: relational and postrelational (object-oriented). To date, 70% of domestic medical information systems are built on relational DBMS, and 30% - on postrelational ones.
  • A variety of programming tools are used in the development of medical information systems. For example, DOKA+ [47] is written in PHP and JavaScript. "E-Hospital" [48] was developed in the Microsoft Visual C++ environment. The amulet is in the Microsoft Visual.NET environment. Infomed [46], running under Windows (98/Me/NT/2000/XP), has a two-level client-server architecture; the client part is implemented in the Delphi programming language; the server part is under the control of the Oracle DBMS.
  • Approximately 40% of developers use the tools built into the DBMS. 42% use their own developments as a report editor; 23% - tools built into the DBMS. To automate the design and testing of program code, 50% of developers use Visual Source Safe. As software for creating documentation, 85% of developers use Microsoft products - Word text editor or, for example, the creators of e-Hospital, Microsoft Help Workshop.
  • In 2015 Ageenko T.Yu. and Andrianov A.V., technical experts of the Moscow Institute of Technology, published an article [55], where they described in detail the technical details of a hospital automated information system (HAIS), including a typical network infrastructure of a medical institution and the pressing problems of ensuring its cybersecurity. GAIS is a secure network through which EMIAS operates, the most promising of Russian MISs.
  • Informatics of Siberia states [53] that the two most authoritative research centers involved in the development of MIS are the Institute of Program Systems of the Russian Academy of Sciences (located in the ancient Russian city of Pereslavl-Zalessky) and the non-profit organization Fund for the Development and Provision of Specialized Medical Care 168" (located in Akademgorodok, Novosibirsk). The Informatics of Siberia itself, which can also be included in this list, is located in the city of Omsk.

What is the situation with the cybersecurity of the domestic EMIAS system?

  • On February 10, 2017, Vladimir Makarov, the curator of the EMIAS project, in his interview for Ekho Moskvy radio shared his idea [39] that absolute cybersecurity does not exist: “There is always a risk of data leakage. You have to get used to the fact that the consequence of using any modern technology is that everything about you can become known. They even open the e-mail boxes of the first persons of the states.” In this regard, mention can be made of a recent incident in which the emails of about 90 members of the UK Parliament were compromised.
  • On May 12, 2015, the Department of Information Technology of Moscow spoke [40] about four key points of the ISIS (Integrated Information Security System) for EMIAS: 1) physical protection - data is stored on modern servers located in underground rooms, access to which is strictly regulated; 2) software protection - data is transmitted in encrypted form over secure communication channels; in addition, information can only be obtained on one patient at a time; 3) authorized access to data - a doctor is identified by a personal smart card; for the patient, two-factor identification is provided according to the MHI policy and date of birth.
  • 4) Medical and personal data are stored separately, in two different databases, which additionally ensures their security; EMIAS servers accumulate medical information in an anonymized form: visits to the doctor, appointments, disability certificates, referrals, prescriptions and other details; and personal data - the MHI policy number, last name, first name, patronymic, gender and date of birth - are contained in the databases of the Moscow City Compulsory Medical Insurance Fund; data from these two databases are connected visually only on the doctor's monitor, after his identification.
  • However, despite the apparent impregnability of such EMIAS protection, modern cyberattack technologies, the details of which are in the public domain, make it possible to crack even such protection. For example, see the description of the attack on the new Microsoft Edge browser - in the absence of software errors and with the active state of all available protections. [62] In addition, the absence of errors in the program code is already a utopia in itself. More about this in the presentation "Dirty secrets of cyberdefenders". [63]
  • On June 27, 2017, the Invitro clinic suspended the collection of biomaterial and the issuance of test results in Russia, Belarus and Kazakhstan due to a large-scale cyber attack. [64]
  • On May 12, 2017, Kaspersky Lab recorded [60] 45 successful cyber attacks by the WannaCry ransomware virus in 74 countries around the world; moreover, most of these attacks occurred on the territory of Russia. Three days later (May 15, 2017), the anti-virus company Avast recorded [61] already 200 cyber attacks by the WannaCry ransomware virus and reported that more than half of these attacks occurred in Russia. The BBC news agency reported (May 13, 2017) that in Russia, among others, the Ministry of Health, the Ministry of Internal Affairs, the Central Bank and the Investigative Committee became victims of the virus. [61]
  • However, the press centers of these and other Russian departments unanimously assert that cyber-attacks of the WannaCry virus, although they took place, were not crowned with success. Most Russian-language publications about the deplorable incidents with WannaCry, mentioning one or another Russian agency, hastily add something like: “But according to official data, no damage was done.” On the other hand, the Western press is sure that the consequences of the cyber attack of the WannaCry virus are more tangible than it is presented in the Russian-language press. The Western press is so sure of this that it even cleared Russia of involvement in this cyberattack. Whom to trust more - Western or domestic media - is a personal matter for everyone. At the same time, it is worth considering that both sides have their own motives for exaggerating and minimizing reliable facts.

What is the cybersecurity situation of medical information systems – in numbers?

  • On June 1, 2017, Rebecca Weintrab (chief physician of Brigham and Women's Hospital with a Ph.D.) and Joram Borenstein (cybersecurity engineer) in their joint article published on the pages of the Harvard Business Review stated [18] that the digital age has greatly simplified the collection of medical data and the exchange of medical records between different medical centers: today, patient medical records have become mobile and portable. However, such digital conveniences come at a cost to medical centers with serious cybersecurity risks.
  • On March 3, 2017, the SmartBrief news agency reported [24] that in the first two months of 2017, there were about 250 cybersecurity incidents that resulted in the theft of more than a million sensitive records. 50% of these incidents were in small and medium-sized businesses (not including the healthcare sector). About 30% - fell on the health sector. A little later, on March 16, the same agency reported [22] that the leader of cybersecurity incidents at the time of the current 2017 is the medical sector.
  • On January 17, 2013, Michael Greg, CEO of the cybersecurity consulting firm Smart Solutions, reported [21] that in 2012, 94% of medical centers were victims of confidential information leaks. This is 65% more than in 2010-2011. Worse, 45% of medical centers reported that over time, the scale of leaks of confidential information is becoming more serious; and admitted that they had more than five such serious leaks in the period 2012-2013. And less than half of the medical centers are sure that such leaks can be prevented, or at least you can find out that they have taken place.
  • Michael Greg also reported [21] that in the period 2010-2012, in just three years, more than 20 million patients were victims of the theft of EHRs that contain sensitive confidential information: diagnoses, treatment procedures, billing information, insurance details, social security number insurance and more. A cybercriminal who stole an EHR can use the information gleaned from it in a variety of ways (see the paragraph "How are social security number thefts related to the criminal forgery industry?"). However, despite all this, the protection of EMRs in medical centers is often much less weak than the protection of personal e-mail.
  • On September 2, 2014, Mike Orkut, a technical expert at MIT, stated [10] that ransomware infection incidents are increasing every year. In 2014, there were 600% more incidents than in 2013. In addition, the American FBI reported [26] that in 2016 more than 4000 cases of digital extortion occurred daily - four times more than in 2015. At the same time, it is not only the trend of increasing ransomware infection incidents that is alarming; the gradual growth of targeted attacks is also alarming. The most common targets of such attacks are financial institutions, retailers and medical centers.
  • On May 19, 2017, the BBC news agency published [23] Verizon's 2017 report, according to which 72% of ransomware incidents occurred in the medical sector. At the same time, over the past 12 months, the number of such incidents has increased by 50%.
  • On June 1, 2017, the Harvard Busines Review published [18] a report provided by the U.S. Department of Health and Human Services stating that more than 2015 million EHRs were stolen in 113. In 2016 - more than 16 million. At the same time, despite the fact that, compared with 2016, there is a sharp decline in the number of incidents, the overall trend is still growing. At the beginning of 2017, the think tank Expirian stated [27] that healthcare is by far the most sought-after target for cybercriminals.
  • Leakage of patient data in medical systems is gradually becoming [37] one of the most pressing problems in healthcare. Thus, according to InfoWatch, over the past two years (2005-2006), every second medical organization leaked patient information. At the same time, 60% of data leaks occur not through communication channels, but through specific people who take confidential information outside the organization. Only 40% of information leaks occur for technical reasons. The weakest link [36] in the cybersecurity of medical information systems is people. You can spend a lot of money to create security systems, and a low-paid employee will sell information for a thousandth of that cost.

Can computer viruses infect medical equipment?

  • On October 17, 2012, David Talbot, an MIT technical expert, reported [1] that medical equipment used inside medical centers is becoming more computerized, more "smart" and more flexible for reprogramming; and also increasingly has a function to support networking. As a result, medical equipment is becoming increasingly susceptible to cyberattacks and viruses. The problem is exacerbated by the fact that manufacturers usually don't allow modifications to their hardware, even to make it cyber-secure.
  • For example, in 2009, the Conficker network worm infiltrated the Beth Israel Medical Center and infected some of the medical equipment there, including an obstetric care workstation (from Philips) and a fluoroscopy workstation (from General Electric). In order to prevent similar incidents from occurring in the future, John Halmac, IT director of this medical center - and part-time professor at Harvard Medical School with a doctorate - decided to disable the network support function on this equipment. However, he was faced with the fact that the equipment "cannot be upgraded due to regulatory restrictions." It took him considerable effort to coordinate with the manufacturers to disable networking capabilities. However, disconnecting from the network is far from ideal. Especially in the context of the growing integration and interdependence of medical equipment. [1]
  • This is with regard to "smart" equipment that is used inside medical centers. But there are also wearable medical devices, including insulin pumps and implanted pacemakers. They are increasingly exposed to cyberattacks and infection with computer viruses. [1] As a side note, on May 12, 2017 (the day of the triumph of the WannaCry ransomware virus), one of the cardiac surgeons reported [28] that in the midst of his heart surgery, several computers crashed, but Fortunately, he still managed to successfully complete the operation.

How dangerous are ransomware viruses for the medical sector?

  • On October 3, 2016, Mohammed Ali, CEO of cybersecurity firm Carbonite, explained [19] in the Harvard Business Review that ransomware is a type of computer virus that blocks a user from accessing their system; until the ransom is paid. The ransomware virus encrypts the hard drive - causing the user to lose access to information on their computer - and for providing the decryption key, the ransomware virus demands a ransom. To avoid meeting with law enforcement, attackers use anonymous payment methods, such as bitcoin. [19]
  • Muhammad Ali also reported [19] that ransomware distributors have found that the most optimal ransom price when attacking ordinary citizens and small business owners is from $300 to $500. This is an amount that many are willing to part with - faced with the prospect of losing all their digital savings. [19]
  • On February 16, 2016, the Guardian news agency reported [13] that as a result of a ransomware infection, medical staff at the Hollywood Presbyterian Medical Center lost access to their computer systems. As a result, doctors were forced to fax, nurses to record medical records on old-fashioned paper medical records, and patients to go to the hospital to collect test results in person.
  • On February 17, 2016, the Hollywood Presbyterian Medical Center issued a statement [30] that read: “On the evening of February 5, our employees lost access to the hospital network. The malware has locked our computers and encrypted all of our files. Law enforcement agencies were immediately notified. Cybersecurity experts helped restore access to our computers. The ransom requested was 40 bitcoins ($17000). The fastest and most efficient way to restore our systems and administrative functions was to pay a ransom, and so on. get the decryption key. In order to restore the health of hospital systems, we were forced to do this.”
  • On May 12, 2017, the New York Times reported [28] that as a result of the WannaCry incident, some hospitals were so paralyzed that even name tags for newborns could not be printed. In hospitals, patients were told, "We can't serve you because our computers are out of order." It's rather unusual to hear in big cities like London.

If cyber incidents are so dangerous, why are medical device manufacturers computerizing their devices?

  • On July 9, 2008, Cristina Grifantini, MIT technical expert, noted in her article "Medical Centers: The Age of Plug and Play" [2]: The frightening variety of new "smart" medical devices in hospitals promises better patient care. However, the problem is that these devices are usually incompatible with each other, even if produced by the same manufacturer. Therefore, doctors are experiencing an urgent need to integrate all medical equipment into a single computerized network.
  • On July 9, 2009, Douglas Rosendale, IT Specialist at the Veterans Health Administration and part-time professor at Harvard Medical School with a Ph.D., stated [2] the urgent need for computerized integration of medical devices in the following words: with a closed architecture, from different vendors - but the problem is that they cannot interact with each other. And that makes it difficult to care for patients.”
  • When medical devices make independent measurements and do not exchange them with each other, they cannot assess the patient's condition in a comprehensive manner, and therefore sound the alarm at the slightest deviation from the norm, with or without reason. This creates significant inconvenience for nurses, especially in the intensive care unit, where there are a lot of such independent devices. Without the integration and support of the network, the intensive care unit will be a madhouse. Integration and support of the local network makes it possible to coordinate the work of medical devices and medical information systems (especially the interaction of these devices with patients' EHR), which leads to a significant reduction in the number of false alarms. [2]
  • Hospitals have a lot of outdated expensive equipment that does not support networking. In an urgent need for integration, hospitals are either gradually replacing this equipment with new ones, or modifying it so that it can be integrated into the overall network. At the same time, even with new equipment, which was developed taking into account the possibility of integration, this problem has not been completely solved. Because every medical device manufacturer, driven by eternal competition, strives to make sure that its devices can only integrate with each other. However, many emergency departments need a specific set of devices that no manufacturer alone can provide. Therefore, choosing one manufacturer will not solve the compatibility problem. This is another problem that stands in the way of complex integration. And hospitals are investing heavily in its solution. Because equipment that is otherwise incompatible with each other will turn the hospital, with its false alarms, into a lunatic asylum. [2]
  • On June 13, 2017, Peter Pronovost, PhD physician and Associate Director of Patient Safety at Johns Hopkins Medicine, shared [17] in the Harvard Business Review his thoughts on the need for computerization of medical equipment: “Take, for example, Breathe-helping machine. The optimal mode of ventilation of the patient's lungs is directly dependent on the patient's height. The patient's height is stored in the EHR. As a rule, the breathing apparatus does not interact with the EHR, so doctors have to obtain this information manually, make some calculations on paper, and manually set the parameters of the breathing apparatus. If the breathing apparatus and EHR were connected via a computerized network, then this operation could be automated. A similar medical equipment maintenance routine exists among dozens of other medical devices. Therefore, doctors have to perform hundreds of routine operations daily; which is accompanied by errors - although rare, but inevitable.
  • New computerized hospital beds are equipped with a set of high-tech sensors that can monitor a wide variety of parameters of the patient lying on it. For example, these beds, by tracking the dynamics of the patient's movements on the bed, can determine whether he is at risk of getting pressure sores. These high-tech sensors cover 30% of the cost of the entire bed. However, without computerized integration, this "smart bed" is of little use - after all, it will not be able to find a common language with other medical devices. A similar situation is observed with "smart wireless monitors" that measure heart rate, MPC, blood pressure, etc. Without the integration of all this equipment into a single computerized network, and, above all, ensuring direct interaction with patients' EHR, it is of little use. [17]

Why did cybercriminals switch from the financial sector and retail stores to medical centers?

  • On February 16, 2016, Julia Cherry, Special Correspondent for The Guardian, shared her observation that health centers are especially attractive to cybercriminals because their information systems—thanks to the nationwide drive of health centers to digitize health records—contain a wealth of information. Including credit card numbers, personal information about patients and sensitive medical data. [13]
  • On April 23, 2014, Jim Finkle, a cybersecurity analyst at the Reuters news agency, explained [12] that cybercriminals tend to take the path of least resistance. The cybersecurity systems of medical centers are much weaker compared to other sectors that have already recognized this problem and have taken effective countermeasures. Therefore, cybercriminals are attracted to them.
  • On February 18, 2016, Mike Orkut, MIT technical expert, reported that the interest of cybercriminals in the medical sector is due to the following five reasons: 1) Most medical centers have already transferred all their documents and cards to digital form; the rest are in the process of such a transfer. The details of these cards contain personal information that is highly valued on the dark web black market. 2) Cyber ​​security in medical centers is not a priority; they often use outdated systems and don't properly support them. 3) The need for quick access to data in emergency situations often outweighs the need for security, leading hospitals to neglect cybersecurity even though they are aware of the implications. 4) Hospitals are adding more devices to their network, giving the bad guys more options to infiltrate the hospital network. 5) The trend towards more personalized medicine - in particular the need for patients to have comprehensive access to their EHRs - makes MIS an even more accessible target. [14]
  • The retail and financial sectors have long been a popular target for cybercriminals. As the information stolen from these institutions floods the dark web black market, it becomes cheaper and, accordingly, it is not profitable for the bad guys to steal and sell it. Therefore, the bad guys are now mastering a new, more profitable sector. [12]
  • On the dark web black market, medical cards are much more expensive than credit card numbers. First, because they can be used to access bank accounts and obtain prescriptions for controlled drugs. Secondly, because the fact of theft of a medical card and the fact of its illegal use is much more difficult to detect, and much more time passes from the moment of abuse to the moment of detection than in the case of credit card abuse. [12]
  • According to Dell, some particularly enterprising cybercriminals are combining bits of health information extracted from stolen medical records with other sensitive data, and so on. collect a package of forged documents. Such packages are called "fullz" and "kitz" in Darknet black market jargon. The price of each such package exceeds $1000. [12]
  • On April 1, 2016, Tom Simont, a technical expert at MIT, said [4] that the essential difference between cyber threats in the medical sector lies in the severity of the consequences that they promise. For example, if you lose access to your work email, you will naturally become upset; however, losing access to medical records that contain information needed to treat patients is another matter entirely.
  • Therefore, for cybercriminals - who understand that this information is very valuable for doctors - the medical sector is a very attractive target. So attractive that they constantly invest heavily in making their ransomware even better; in order to stay one step ahead in their eternal struggle with anti-virus systems. The impressive sums they are raising through ransomware give them the opportunity to be generous with such investments, and these costs are more than paid off. [4]

Why have ransomware infections increased and continue to increase in the medical sector?

  • On June 1, 2017, Rebecca Weintrab (chief physician at Brigham and Women's Hospital with a PhD) and Joram Borenstein (cybersecurity engineer) published [18] in the Harvard Business Review the results of their joint research on cybersecurity in the medical sector. The key theses of their research are presented below.
  • No organization is immune from hacking. This is the reality we live in, and this reality was made especially clear when the WannaCry ransomware virus exploded in mid-May 2017, infecting medical centers and other organizations around the world. [18]
  • In 2016, the administrators of the Hollywood Presbyterian Medical Center, a large outpatient clinic, suddenly discovered that they had lost access to information on their computers. Physicians could not access their patients' EHRs; and even to their own reports. All information on their computers was encrypted by a ransomware virus. While all the information of the polyclinic was held hostage by intruders, doctors were forced to redirect clients to other hospitals. For two weeks they wrote everything on paper, until they decided to pay the ransom demanded by the attackers - $ 17000 (40 bitcoins). It was not possible to trace the payment because the ransom was paid through an anonymous Bitcoin payment system. If cybersecurity specialists had heard a couple of years ago that decision makers would be puzzled by converting money into cryptocurrency in order to pay a ransom to the developer of the virus, they would not have believed it. However, that is exactly what happened today. Ordinary people, small business owners, and large corporations are all targeted by ransomware. [19]
  • In terms of social engineering, phishing emails containing malicious links and attachments are no longer sent on behalf of overseas relatives who want to bequeath some of their wealth to you in exchange for confidential information. Today, phishing emails are well-prepared messages, without typos; often disguised as official documents with logos and signatures. Some of them are indistinguishable from ordinary business correspondence or legitimate application update notifications. Sometimes recruitment decision makers receive letters from a promising candidate with a resume attached to the letter, in which a ransomware virus is embedded. [19]
  • However, advanced social engineering is not so bad. Even worse is the fact that the launch of a ransomware virus can occur without the direct participation of the user. Ransomware viruses can spread through security holes; or through unprotected old applications. At least every week a fundamentally new type of ransomware appears; and the number of ways that ransomware viruses can enter computer systems is constantly growing. [19]
  • So, for example, with regard to the WannaCry ransomware virus... Initially (May 15, 2017), security experts concluded [25] that the main reason for the infection of the UK national health system is that hospitals use an outdated version of the Windows operating system - XP (hospitals use this system because a lot of expensive hospital equipment is not compatible with newer versions of Windows). However, a little later (May 22, 2017) it turned out [29] that an attempt to run WannaCry on Windows XP often led to a computer crash, without infection; and most of the infected machines were running Windows 7. In addition, it was initially believed that the WannaCry virus spread through phishing, but later it turned out that this virus spread itself, like a network worm, without the user's assistance.
  • In addition, there are specialized search engines that look not for sites on the network, but for physical equipment. Through them you can find out in what place, in which hospital, what equipment is connected to the network. [3]
  • Another significant factor in the prevalence of ransomware viruses is access to the Bitcoin cryptocurrency. The ease of collecting payments anonymously from around the world is fueling the growth of cybercrime. In addition, by transferring money to extortionists, you thereby stimulate repeated extortions against you. [19]
  • At the same time, cybercriminals have learned to capture even those systems on which the most modern protection is deployed, and the latest software updates; and the means of detection and decryption (which protection systems resort to) do not always work; especially if the attack is targeted and unique. [19]
  • However, there is still an effective countermeasure against ransomware: backing up critical data. So that in case of trouble, the data can be easily restored. [19]

Doctors, nurses and patients affected by WannaCry - how did it turn out for them?

  • On May 13, 2017, Sarah Marsh of The Guardian interviewed several victims of the WannaCry ransomware virus to understand how this incident [5] turned out for the victims (names have been changed for privacy reasons):
  • Sergey Petrovich, doctor: I could not provide proper care to patients. No matter how leaders convince the public that cyber incidents do not affect the safety of end patients, this is not true. We couldn't even take x-rays when our computerized systems failed. And almost no medical procedure can do without these pictures. For example, on this ill-fated evening, I was seeing a patient and I needed to send him for an X-ray, but because our computerized systems were paralyzed, I couldn't do it. [5]
  • Vera Mikhailovna, a patient with breast cancer: After my chemotherapy session, I was half way out of the hospital, but at that moment there was a cyberattack. And although the session had already been completed, I had to spend several more hours in the hospital - waiting for the medicine to finally be given to me. The hitch was due to the fact that before dispensing medicines, the medical staff checks them for compliance with prescriptions, and these checks are carried out by computerized systems. The patients following me in line were already in the ward for a chemotherapy session; their medicines have already been delivered. But since it was impossible to check their compliance with the recipes, the procedure was postponed. Treatment of the rest of the patients was generally postponed to the next day. [5]
  • Tatyana Ivanovna, nurse: On Monday, we were unable to view the patient's EHR and the list of appointments scheduled for today. I was on call for applications this weekend, so on Monday, when our hospital was the victim of a cyber attack, I had to remember exactly who should come to the appointment. Our hospital's information systems have been blocked. We couldn't view medical history, we couldn't view prescriptions for drugs; could not view the addresses and contact details of patients; filling documents; check test results. [5]
  • Evgeny Sergeevich, system administrator: We usually have the most visitors on Friday afternoons. So it was this Friday. The hospital was full of people, and 5 hospital employees were on duty at the reception of telephone applications, and their phones rang incessantly. All of our computer systems worked flawlessly, but around 15:00 pm, all computer screens went black. Our doctors and nurses lost access to patients' EMRs, and the employees who were on duty at the reception of calls could not enter requests into the computer. [5]

How can cybercriminals harm a plastic surgery clinic?

  • According to the Guardian [6], on May 30, 2017, the Tsarskaya Guard criminal group published confidential data of 25 patients of the Lithuanian plastic surgery clinic Grozio Chirurgija. Including private intimate photos taken before, during and after operations (their storage is necessary in view of the specifics of the clinic); as well as scans of passports and social security numbers. Since the clinic has a good reputation and affordable prices, residents of 60 countries, including world-famous celebrities, use its services [7]. All of them became victims of this cyberincident.
  • A few months earlier, after hacking the clinic’s servers and stealing data from them, the “guards” demanded a ransom of 300 bitcoins (about $800). The clinic management refused to cooperate with the “Guards”, and remained adamant even when the “Guards” reduced the ransom price to 50 bitcoins (about $120). [6]
  • Having lost hope of getting a ransom from the clinic, the "guards" decided to switch to her clients. In March, they published photos of 150 clinic patients on the Dark Web [8] in order to scare others into paying up. The “Guardsmen” asked for a ransom from 50 to 2000 euros, with payment in bitcoin, depending on the fame of the victim and the intimacy of the stolen information. The exact number of blackmailed patients is not known, but several dozen victims turned to the police. Now, three months later, the Guardsmen have released confidential details of another 25 customers. [6]

A cybercriminal stole a medical card - how does this threaten its rightful owner?

  • On October 19, 2016, Adam Levine, a cybersecurity expert who heads the CyberScout research center, noted [9] that we live at a time when medical records have begun to include an alarming amount of overly intimate information: about illnesses, diagnoses, treatments, and about health problems. In the wrong hands, this information can be used to profit on the dark web black market, which is why cybercriminals often target medical centers.
  • On September 2, 2014, Mike Orkut, a technical expert at MIT, stated [10]: "While stolen credit card numbers and social security numbers themselves are becoming less and less popular on the dark web black market - medical cards, with a rich set of personal information, there at a good price. Partly because they give uninsured people the opportunity to get medical care that they otherwise could not afford.”
  • A stolen medical card can be used to obtain medical care on behalf of the rightful holder of that card. As a result, the medical data of its rightful owner and the medical data of the thief will be mixed in the medical card. In addition, if the thief sells the stolen medical cards to third parties, then the card can be further contaminated. Therefore, when coming to the hospital, the legitimate cardholder runs the risk of receiving medical care based on someone else's blood type, someone else's medical history, someone else's list of allergic reactions, etc. [9]
  • In addition, the thief can exhaust the insurance limit of the rightful holder of the medical card, which will deprive the latter of the opportunity to receive the necessary medical care when it is needed. At the most inopportune time. After all, many insurance plans have annual limits on certain types of procedures and treatments. And certainly no insurance company will pay you for two appendicitis surgeries. [9]
  • Using a stolen medical card, a thief can abuse prescriptions for medicines. At the same time, depriving the rightful owner of the opportunity to get the necessary medicine when he needs it. After all, prescriptions for medicines are usually limited. [9]
  • Eliminating massive cyberattacks on credit and debit cards is not so problematic. Protecting against targeted phishing attacks is a little more problematic. However, when it comes to stealing and misusing EHRs, the crime can be almost invisible. If the fact of a crime is discovered, then, as a rule, only in an emergency situation, when the consequences can be literally life-threatening. [9]

Why is medical card theft so rampant?

  • In March 2017, the Identity Theft Center reported that more than 25% of confidential data leaks are in medical centers. These leaks cost medical centers $5,6 billion annually. Here are a few reasons why medical record theft is in such high demand. [18]
  • Medical cards are the hottest item on the dark web black market. Medical cards are sold there for $50 apiece. By comparison, credit card numbers are sold on the Dark Web for $1 apiece—50 times cheaper than medical cards. The demand for medical cards is also driven by the fact that they are a consumable part of complex criminal forgery services. [18]
  • If the buyer of the medical cards is not found, the attacker can use the medical card himself and carry out a traditional theft: medical records contain enough information to get a credit card, open a bank account or take out a loan on behalf of the victim. [18]
  • With a stolen medical card in hand, a cybercriminal, for example, can carry out a complex targeted phishing attack (figuratively speaking, sharpen a phishing spear), impersonating a bank: “Good afternoon, we know that you are going to have an operation. Don't forget to pay for related services by clicking on this link. And then you think: “Well, since they know that I have an operation tomorrow, it must be a letter from the bank.” If the attacker still fails to realize the potential of the stolen medical cards, he can use the ransomware virus to extort money from the medical center in order to restore access to blocked systems and data. [18]
  • Medical centers have been very slow to implement cybersecurity practices - which have already been developed in other industries - which is quite ironic, since it is the responsibility of medical centers to ensure medical confidentiality. In addition, medical centers tend to have significantly lower cybersecurity budgets and significantly less qualified cybersecurity professionals than, for example, financial institutions. [18]
  • Medical IT systems are tightly tied to financial services. For example, health centers can have flexible savings plans for contingencies, with their own payment cards or savings accounts — which store six-figure amounts. [18]
  • Many organizations cooperate with medical centers and provide their employees with an individual wellness system. This gives an attacker the opportunity, through hacking into medical centers, to gain access to confidential information of corporate clients of the medical center. Not to mention the fact that the employer himself can act as an attacker - quietly selling the medical data of his employees to third parties. [18]
  • Medical centers have extensive supply chains and massive lists of providers with whom they have a digital connection. By hacking into the medical center's IT systems, the attacker can also take over the systems of the providers. In addition, suppliers who are connected to the medical center by digital communication are in themselves a tempting entry point for the attacker into the IT systems of the medical center. [18]
  • In other areas, protection has become very sophisticated, and so attackers have had to master a new sector - where transactions are carried out through vulnerable hardware and vulnerable software. [18]

How are social security number thefts related to the criminal forgery industry?

  • On January 30, 2015, the Tom's Guide news agency explained [31] how ordinary document forgery differs from combined forgery. At its simplest, document forgery involves the scammer simply impersonating someone else using their name, Social Security Number (SSN), and other personal information. A similar fact of fraud is detected quite quickly and easily. With a combined approach, the bad guys create a whole new identity. By forging a document, they take a real SSN and add pieces of personal information from several different people to it. This Frankenstein monster, stitched together from the personal information of various people, is already much more difficult to detect than the simplest forgery of a document. Since the scammer uses only some of the information of each of the victims, his fraudulent machinations will not contact the rightful owners of these pieces of personal information. For example, when viewing the activity of their SSN, its legal owner will not find anything suspicious there.
  • Bad guys can use their Frankenstein monster to get a job or take out a loan [31], as well as to open fictitious companies [32]; to make purchases, obtain driver's licenses and passports [34]. At the same time, even in the case of taking a loan, it is very difficult to trace the fact of forgery of documents, and therefore if the bankers begin to investigate, then the legal holder of this or that piece of personal information will most likely be called to account, and not the creator of the Frankenstein monster.
  • Unscrupulous entrepreneurs can use forged documents to deceive creditors - by creating a so-called. business sandwich. The essence of the business sandwich is that unscrupulous entrepreneurs can create several false identities and present them as customers of their business - thereby creating the appearance of a successful business. So they become more attractive to their creditors and get the opportunity to enjoy more favorable lending conditions. [33]
  • Theft and misuse of personal information often goes unnoticed by its rightful owner for a long time, but can cause him significant inconvenience at the most inopportune time. For example, a legitimate SSN owner can apply for social services and be denied because of the excess income generated from a fabricated business sandwich that uses their SSN. [33]
  • From 2007 to the present day, the multibillion-dollar criminal business of forging documents based on SSN is gaining more and more popularity [34]. At the same time, fraudsters prefer those SSNs that are not actively used by their rightful owners - these include the SSN of children and the deceased. In 2014, monthly incidents numbered in the thousands, according to the CBC news agency, while in 2009 there were no more than 100 per month. The exponential growth of this type of fraud - and especially its impact on children's personal data - will have dire consequences for young people in the future. [34]
  • Children's SSNs are 50 times more likely to be used in this scam than adult SSNs. This interest in children's SSNs is due to the fact that children's SSNs are generally not active until at least 18 years of age. That. if the parents of minor children do not keep abreast of their SSN, then their child may be denied a driver's license or student loan in the future. It can also complicate employment if information about questionable SSN activity becomes available to a potential employer. [34]

Today there is a lot of talk about the prospects and security of artificial intelligence systems. How is this going in the medical sector?

  • In the June 2017 issue of MIT Technology Review, the journal's editor-in-chief specializing in artificial intelligence technologies, published his article "The Dark Side of Artificial Intelligence", in which he answered this question in detail. Key points of his article [35]:
  • Modern artificial intelligence (AI) systems are so complex that even the engineers who design them cannot explain how AI makes a decision. Today and in the foreseeable future, it is not possible to develop an AI system that can always explain its actions. The technology of "deep learning" has proven to be very effective in solving the pressing problems of recent years: image and voice recognition, language translation, medical applications. [35]
  • There are significant hopes for AI in diagnosing deadly diseases, in making difficult economic decisions; and AI is also expected to become a centerpiece in many other industries. However, this will not happen - or at least should not happen - until we find a way to make a deep learning system that can explain the decisions that it makes. Otherwise, we will not be able to predict exactly when this system will fail - and sooner or later it will definitely fail. [35]
  • This problem has become urgent now, and in the future it will only get worse. Be it economic, military or medical decisions. The computers running the corresponding AI systems have programmed themselves, and in such a way that we have no way of understanding "what's on their minds." What can we say about end users, when even the engineers designing these systems are unable to understand and explain their behavior. As AI systems evolve, we may soon cross the line - if we haven't already - where we need to take a "leap of faith" when relying on AI. Of course, being human, we ourselves cannot always explain our conclusions, and often rely on intuition. But can we allow machines to think in the same way - unpredictable and inexplicable? [35]
  • In 2015, Mount Sinai, a medical center in New York City, was inspired to apply the concept of deep learning to its vast database of case histories. The data structure used to train the AI ​​system included hundreds of parameters that were set based on the results of analyses, diagnostics, tests and medical records. The program that processed these recordings was called "Deep Patient". She was trained using records of 700 patients. When testing new records, it proved to be very useful in predicting diseases. Without any interaction with an expert, the Deep Patient found the symptoms hidden in the medical records - which, according to the AI, indicated that the patient was on the verge of extensive complications, including liver cancer. We have experimented with various predictive methods before, which used the medical records of many patients as input data, but the results of the “Deep Patient” cannot be compared with them. In addition, there are completely unexpected achievements: The Deep Patient is very good at predicting the onset of mental disorders such as schizophrenia. But since modern medicine does not have the tools to predict it, the question arises how AI managed to do this. However, the Deep Patient fails to explain how he does this. [35]
  • Ideally, such tools should explain to doctors how they came to a particular conclusion - in order, say, to justify the use of a particular drug. However, modern artificial intelligence systems, alas, cannot do this. We can create similar programs, but we don't know how they work. Deep learning has led AI systems to explosive success. Currently, such AI systems are used to make key decisions in such industries as medicine, finance, manufacturing, etc. Perhaps this is the nature of intelligence itself - that only part of it lends itself to rational explanation, while mostly it makes spontaneous decisions. But what will it lead to when we allow such systems to diagnose cancer and perform military maneuvers? [35]

Has the medical sector learned from the WannaCry situation?

  • On May 25, 2017, the BBC news agency reported [16] that one of the significant reasons for the neglect of cybersecurity in wearable medical devices is their low computing power due to strict requirements for their size. Two other equally significant reasons: the lack of knowledge of how to write secure code and the pushing the deadlines for the release of the final product.
  • In the same report, the BBC noted [16] that as a result of research into the program code of one of the pacemakers, more than 8000 vulnerabilities were found in it; and that despite the high-profile cybersecurity issues identified as a result of the WannaCry incident, only 17% of medical device manufacturers have taken concrete steps to ensure the cybersecurity of their devices. As for the medical centers that managed to avoid a collision with WannaCry, only 5% of them were puzzled by diagnosing the cybersecurity of their equipment. These reports come shortly after more than 60 healthcare organizations in the UK were the victims of a cyberattack.
  • On June 13, 2017, one month after the WannaCry incident, Peter Pronowost, PhD physician and associate director of patient safety at Johns Hopkins Medicine, discusses [17] in the Harvard Business Review the pressing challenges of computerized medical integration. equipment, - did not mention a word about cybersecurity.
  • On June 15, 2017, a month after the WannaCry incident, Robert Perl, a doctor with a doctorate and head of two medical centers, discussing [15] in the Harvard Business Review the current challenges faced by developers and users of EHR management systems - He didn't say a word about cybersecurity.
  • On June 20, 2017, a month after the WannaCry incident, a group of PhD scientists from the Harvard School of Medicine - who also serve as heads of key departments at Brigham and Women's Hospital - published [20] the results in the Harvard Business Review. discussion of a round table on the need to modernize medical equipment in order to improve the quality of patient care. The round table discussed the prospects for reducing the burden on doctors and reducing costs through the optimization of technological processes and integrated automation. Representatives of 34 leading US medical centers took part in the round table. Discussing the modernization of medical equipment, the participants placed high hopes on predictive tools and smart devices. Not a word was said about cybersecurity.

How can medical centers ensure cybersecurity?

  • In 2006, Lieutenant General Nikolai Ilyin, head of the Special Communications Information Systems Department of the Federal Security Service of Russia, stated [52]: “The issue of information security is more relevant today than ever before. The amount of technology used is increasing dramatically. Unfortunately, today information security issues are not always taken into account at the design stage. It is clear that the price of solving this problem is from 10 to 20 percent of the cost of the system itself, and the customer does not always want to pay extra money. Meanwhile, you need to understand that reliable information protection can be implemented only in the case of an integrated approach, when organizational measures are combined with the introduction of technical means of protection.”
  • On October 3, 2016, Mohammed Ali, a former key employee of IBM and Hewlett Packard, and now the head of the company "Carbonite", specializing in cybersecurity solutions, shared [19] on the pages of the Harvard Business Review his observations regarding the situation with cybersecurity in the medical sector: “Because ransomware is so common and the damage can be so costly, I'm always surprised when I talk to CEOs that they don't care. At best, the CEO delegates cybersecurity concerns to the IT department. However, this is not enough to provide effective protection. Therefore, I always urge CEOs to: 1) put measures to prevent the impact of ransomware viruses on the list of organizational development priorities; 2) review the relevant cybersecurity strategy at least annually; 3) involve your entire organization in appropriate education.”
  • You can borrow established solutions from the financial sector. The main conclusion [18] that the financial sector made from the turmoil with cybersecurity is: “The most effective element of cybersecurity is staff training. Because today the main cause of cybersecurity incidents is the human factor, in particular the exposure of people to phishing attacks. Whereas strong encryption, cyber risk insurance, multi-factor authentication, tokenization, card chipping, blockchain and biometrics are useful things, but largely secondary.”
  • On May 19, 2017, the BBC news agency reported [23] that sales of security software increased by 25% in the UK after the WannaCry incident. However, according to Verizon, the panic buying of security software is not what is needed to ensure cybersecurity; to ensure it, you need to follow proactive protection, not reactive.

PS Liked the article? If yes, please like. If by the number of likes (let's get 70) I see that Habr's readers have an interest in this topic, after a while I will prepare a continuation, with an overview of even more recent threats to medical information systems.

Bibliography

  1. David Talbot. Computer Viruses Are "Rampant" on Medical Devices in Hospitals // MIT Technology Review (Digital). 2012.
  2. Christina Grifantini. Plug and Play Hospitals // MIT Technology Review (Digital). 2008.
  3. Dens Makrushin. Mistakes of "smart" medicine // SecureList. 2017.
  4. Tom Simonite. With Hospital Ransomware Infections, the Patients Are at Risk // MIT Technology Review (Digital). 2016..
  5. Sarah Marsh. NHS workers and patients on how cyber-attack has affected them // The Guardian. 2017.
  6. Alex Hern. Hackers publish private photos from cosmetic surgery clinic // The Guardian. 2017.
  7. Sarunas Cerniauskas. Lithuania: Cybercriminals Blackmail Plastic Surgery Clinic with Stolen Photos // OCCRP: Organized Crime and Corruption Reporting Project. 2017.
  8. Ray Walsh. Naked Plastic Surgery Patient Photos Leaked on the Internet // BestVPN. 2017.
  9. Adam Levin. Physician Heal Thyself: Are Your Medical Records Safe? //HuffPost. 2016.
  10. Mike Orcutt. Hackers Are Homing In on Hospitals // MIT Technology Review (Digital). 2014.
  11. Pyotr Sapozhnikov. Electronic health records in 2017 will appear in all clinics of Moscow // AMI: Russian agency of medical and social information. 2016.
  12. Jim Finkle. Exclusive: FBI warns sector healthcare vulnerable to cyber attacks // Reuters. 2014.
  13. Julia Carrie Wong. Los Angeles hospital returns to faxes and paper charts after cyberattack // The Guardian. 2016.
  14. Mike Orcutt. Hollywood Hospital's Run-In with Ransomware Is Part of an Alarming Trend in Cybercrime // MIT Technology Review (Digital). 2016.
  15. Robert M. Pearl, MD (Harvard). What Health Systems, Hospitals, and Physicians Need to Know About Implementing Electronic Health Records // Harvard Business Review (Digital). 2017.
  16. 'Thousands' of known bugs found in pacemaker code // BBC. 2017.
  17. Peter Pronovost, MD. Hospitals Are Dramatically Overpaying for Their Technology // Harvard Business Review (Digital). 2017.
  18. Rebecca Weintraub, MD (Harvard), Joram Borenstein. 11 Things the Health Care Sector Must Do to Improve Cybersecurity // Harvard Business Review (Digital). 2017.
  19. Mohamad Ali. Is Your Company Ready for a Ransomware Attack? // Harvard Business Review (Digital). 2016.
  20. Meetali Kakad, MD, David Westfall Bates, MD. Getting Buy-In for Predictive Analytics in Health Care // Harvard Business Review (Digital). 2017.
  21. Michael Gregg. Why Your Medical Records Are No Longer Safe //HuffPost. 2013.
  22. Report: Health care leads to data breach incidents in 2017 // smartbrief. 2017.
  23. Matthew Wall, Mark Ward. WannaCry: What can you do to protect your business? // BBC. 2017.
  24. More than 1M records exposed so far in 2017 data breaches // BBC. 2017.
  25. Alex Hern. Who is to blame for exposing the NHS to cyber-attacks? // The Guardian. 2017.
  26. How to Protect Your Networks From Ransomware //FBI. 2017.
  27. Data Breach Industry Forecast //Rxperian. 2017.
  28. Steven Erlanger, Dan Bilefsky, Sewell Chan. UK Health Service Ignored Warnings for Months // The New York Times. 2017.
  29. Windows 7 hardest hit by WannaCry worm // BBC. 2017.
  30. Allen Stefanek. Holwood Pressbyterian Medica Center.
  31. Linda Rosencrance. Synthetic Identity Theft: How Crooks Create a New You // Tom's Guide. 2015.
  32. What is Synthetic Identity Theft and How to Prevent It.
  33. Synthetic Identity Theft.
  34. Steven D'Alfonso. Synthetic Identity Theft: Three Ways Synthetic Identities Are Created // security intelligence. 2014.
  35. Will Knight. The Dark Secret at the Heart of AI // MIT Technology Review. 120(3), 2017.
  36. Kuznetsov G.G. The problem of choosing an information system for a medical institution // "Informatics of Siberia".
  37. Information systems and the problem of data protection // "Informatics of Siberia".
  38. IT in healthcare in the near future // "Informatics of Siberia".
  39. Vladimir Makarov. Answers to questions about the EMIAS system // Radio "Echo of Moscow".
  40. How Muscovites' medical data is protected // Open systems. 2015.
  41. Irina Sheyan. Moscow introduces electronic medical records // Computerworld Russia. 2012.
  42. Irina Sheyan. in the same boat // Computerworld Russia. 2012.
  43. Olga Smirnova. The smartest city on earth // Profile. 2016.
  44. Tseplyova Anastasia. Medical information system of Kondopoga // one.
  45. Medical information system Paracelsus-A.
  46. Kuznetsov G.G. Informatization of municipal health care using the medical information system "INFOMED" // "Informatics of Siberia".
  47. Medical Information System (MIS) DOKA+.
  48. e hospital. Official site.
  49. Technologies and perspectives // "Informatics of Siberia".
  50. By what IT standards does medicine live in Russia?
  51. Regional subsystem (RISUZ) // "Informatics of Siberia".
  52. Information systems and the problem of data protection // "Informatics of Siberia".
  53. Possibilities of medical information systems // "Informatics of Siberia".
  54. Single health information space // "Informatics of Siberia".
  55. Ageenko T.Yu., Andrianov A.V. Experience in integration of EMIAS and hospital automated information system // IT Standard. 3(4). 2015.
  56. IT at the Regional Level: Leveling the Situation and Ensuring Openness // Director of the Information Service. 2013.
  57. Zhilyaev P.S., Goryunova T.I., Volodin K.I. Ensuring the protection of information resources and services in the field of healthcare // International Student Scientific Bulletin. 2015.
  58. Irina Sheyan. Pictures in the clouds // Information service director. 2017.
  59. Irina Sheyan. Efficiency of healthcare informatization - on the "last mile" // Information service director. 2016.
  60. Kaspersky Lab: Russia most affected by WannaCry hacker attacks // one.
  61. Andrey Makhonin. Russian Railways and the Central Bank reported virus attacks // BBC. 2017.
  62. Erik Bosman, Kaveh Razavi. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector // Proceedings of the IEEE Symposium on Security and Privacy. 2016.pp. 987-1004.
  63. Bruce Potter. Dirty Little Secrets of Information Security // DEFCON 15. 2007.
  64. Ekaterina Kostina. Invitro announced the suspension of taking tests due to a cyber attack.

Source: habr.com

Add a comment