A few days ago, a clinic specializing in cosmetic surgery revealed that it was the victim of a ransomware incident. These attacks have become very common; however, no web application security expert could have foreseen the unusual consequences of this incident.
The attackers are reportedly extorting patients who have passed through this clinic, threatening to reveal their pre- and post-plastic surgery photos unless they pay a ransom.
Dr. Richard Davis, in charge of the Center for Facial Restoration, said they were worried and helpless about this incident: “Now we don’t have to worry just about recovering our files, but also our patients suffered consequences of the attack.”
For the time being, the web application security personnel working with the clinic have set out to correct the security weaknesses that enabled the attack. Management expects the deployed updates to limit the extent of the incident, while acknowledging that the damage is already done: “While this update will not help victims, we will try to keep the number of incidents to the minimum possible,” Dr. Davis added. The incident appears to have affected patients who sent their photographs to the clinic via email.
This is yet another example of the special interest that hackers have shown in compromising the systems of health institutions, a trend that has increased markedly for at least a year. This is not a minor problem, as a ransomware infection could paralyze a hospital's systems during surgeries or other critical operations, seriously compromising the physical integrity of patients.
According to web application security experts from the International Cyber Security Institute (IICS), the main reason hackers target medical services is that these organizations need to keep their systems online at all times in order to access clinical histories, medical consultation systems, diagnostics, medication records and even some systems related to the operation of devices such as x-ray machines, artificial respirators and heart monitors, among others.