1 Today and Future Healthcare Information Security Threats นายแพทย์ สุธี ทุวิรัตน์ CISA.

1

Today and Future Healthcare Information Security Threats

นายแพทย� สุธี� ทวิ รั�ตน� CISA

Agenda

Healthcare Information Security & Public Safety

2

Wireless Vulnerabilities

The Mail surveyed 12 hospitals in the South-East. In seven we were able to pick up wireless signals that could be easily accessed without a password.

They were the London hospitals Guy's, St George's and St Mary's; Kent and Sussex Hospital, in Tunbridge Wells; St Helier Hospital, in Surrey; Wexham Park Hospital, in Berkshire; and Wycombe General Hospital, in High Wycombe.

3

Hacker breaches San Diego hospital

A San Diego medical center is warning patients that a hacker may have accessed their personal information.

4

Attack On A Liverpool Hospital 

In 1994 a hacker hacked into a Liverpool hospital and changed the medical prescriptions for patients.

A nine-year-old patient who was prescribed a highly toxic mixture survived only because a nurse decided to re-check his prescription.

The hacker's stated motive was, he wanted to know what kind of chaos could be caused by penetrating the hospital computer.

5

Nurse-Hacker alter Prescription

The judge found Rymer guilty and sentenced him to a year in jail. And the hospital’s executive nurse said “tighter computer security” was implemented to ensure this did not happen again. Nurse-hacker Alters Hospital Prescriptions, supra.

6

Attack On Northwest Hospital in Seattle

 Christopher Maxwell A 20-year-old California hacker was sentenced to 37 months in federal prison for creating a virus that jeopardized patients at Northwest Hospital in Seattle, damaged computers at U.S. military installations worldwide and affected thousands of others.

Investigators have identified 441,000 computer systems hacked by Maxwell's robot virus, including 104 country domains, 276 ".net" domains, 128 ".com" domains, and 28 ".edu" domains.

7

Northwest Hospital was hit on Jan. 9, 2005. The hospital's surgical, patient financing,

information management, diagnostic imaging and laboratory systems were affected.

Operating room doors wouldn't open, doctors' pagers didn't work, and computers in the intensive-care unit shut down.

8

The hospital switched to its disaster plan, and used runners to move medical records and lab test results. Elective medical procedures had to be rescheduled.

Luckily no patients were harmed.

9

Attack on Chicago Hospitals

June 14, 2007 James C. Brewer of Arlington, Texas was indicted on charges of infecting more than 10,000 computers globally with a bot, including two Chicago-area hospitals operated by the Bureau of Health Services in Cook County, Ill.The computers at the two hospitals repeatedly froze or rebooted from October to December, resulting in delayed medical services. Brewer was released on a $4,500 bond.

10

Lasik Surgery

The U. S. Food and Drug Administration issued warning letters to 17 Lasik vision-correction ambulatory surgical centers after inadequate reporting systems were found during an inspection.

11

Identity Fraud Scam

An employee at Johns Hopkins Hospital in Baltimore may have intentionally leaked the personal information of more than 10,000 patients, according to Dark Reading.

The hospital is offering credit monitoring and fraud resolution services, as well as US$30,000 in identity theft reimbursements to the 31 victims. It has also notified the other 10,000 patients whose records were in the database.

12

Implanted Medical Devices

At least 100,000 patients in the US have some sort of implanted device that reduce medical visits by sending information on a patient to a monitor that then sends the data to a doctor.

These devices might be vulnerable to hackers. A team of researchers found that they were able

to gain wireless control of a combination heart defibrillator and pacemaker.

13

Implanted Medical Devices

They could reprogram it to shut down, and to deliver jolts of electricity that would potentially be fatal.

They also were able to gather personal patient data.

14

Hacker Attack Epilepsy Forum

Hacker user Java Script and Flash animations

15

HVAC System Compromised by Hacker

McGraw's immediate actions could have allowed him to shut down the HVAC system at a Dallas building which contains the Carrell Clinicorthopedics facility and North Central Surgical Center. A loss of air-conditioning in the hot Texas weather could have threatened the safety of patients, staff members, and visitors. McGraw "did jeopardize [the HVAC] system," Colvin said. "It's frightening."

16