Health-care industry - the next cybercrime target?

These types of malicious software, whether deployed through targeted attacks, compromised websites, spam, infected mobile devices, or otherwise, not only expose sensitive data but create distracting and expensive IT headaches.

These attacks aren't terribly new, but their sophistication is and the ability to expose patient data is of real concern. Cybercriminals have developed entire malware platforms that can be customised to attack health-care organisations;

Most of these devices, as well as MRI machines, CT scanners and countless other diagnostic machines were never designed with security in mind. Many diagnostic systems use off-the-shelf operating systems like Microsoft Windows, while other devices use purpose-built software designed to collect data - not keep it safe. Too many of these devices are eminently hackable and, once compromised, can provide hackers with unfettered access to the clinical data systems within which they interface.

And it isn't just patient data that's vulnerable through connected devices. Cyberterrorists could potentially manipulate machines to harm patients intentionally or shut down critical systems in hospitals. As early as 2011, one researcher demonstrated how an insulin pump could be hacked to deliver a lethal dose of insulin;

When everything from a home glucose monitor to an iPhone app can become part of the attack surface, it should become clear just how badly exposed health-care institutions are. As with clinical devices, most of these new patient care modalities are designed for convenience and innovative functionality rather than security.

Health-care security should not be addressed when medical records are breached. The time is now. The health-care industry as a whole needs to be proactive and begin deploying systems with security baked in, protected at both the network and application levels. The stakes are simply too high to wait.