(NaturalNews) If the failings of Obamacare haven't been bad enough, especially in terms of losing more of your privacy, now healthcare organizations are increasingly coming under hack attacks that phish for, and steal, personal information.
A new study recently published found that networks and medical devices that are connected to the Internet in places like hospitals and doctor's offices, and in insurance and pharmaceutical companies, are under near-constant cyber assault. In many cases, the study found, healthcare networks have been breached and infiltrated without the owners' knowledge.
As reported by the Chicago Tribune:
The study was conducted by Norse, a Silicon Valley cybersecurity firm, and SANS, a security research institute. In the report, the groups found from September 2012 to October 2013 that 375 healthcare organizations in the U.S. had been compromised, and in many cases are still compromised because they have not yet detected the attacks.
In addition to getting access to patient files and information, the attackers managed to infiltrate devices such as radiology imaging software, conferencing systems, printers, firewalls, Web cameras and mail servers.
"What's concerning to us is the sheer lack of basic blocking and tackling within these organizations," Sam Glines, chief executive of Norse, told the paper. "Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything.
"A decent percentage of these firms could have been eliminated from the data set if basic network and security protocol had been followed," he said.
Obamacare exchanges contributing to theft of data
The increase in attacks has come as more hospitals, doctors and other healthcare-related industries become more connected in some way or another to the Internet. And it is going to get worse, analysts and experts believe, as the concept known as the "Internet of Things" -- in which a growing number of devices are being fitted with sensors and Internet connections -- becomes more and more advanced.
"More objects are becoming embedded with sensors and gaining the ability to communicate. The resulting information networks promise to create new business models, improve business processes, and reduce costs and risks," write Michael Chui, Markus Loffler and Roger Roberts for McKinsey & Company, a global management consulting firm.
And with that will come added risk of identity theft, experts say.
The study found that not only is hacking of healthcare industry increasing, but the proliferation of personal information is continuing unabated, thanks to Obamacare, through the federal and state online health insurance exchanges.
"The pace at which technology has allowed our devices to be connected for ease of use has allowed for a larger attack surface," Glines said. "More vigilance is required."
Not enough security measures are being taken
Granted, but as researchers said in their study, there simply are not enough security measures being taken to protect connected devices. And because of that, personal patient information is being regularly compromised.
What's worse, researchers say, is that hackers who gain access to the devices can then use them to launch attacks on other devices (because devices in general are becoming more interconnected).
In their report, researchers say they tracked the origin of some malicious traffic that was coming from medical sites that had been penetrated by cyber thieves.
"The findings of this study indicate that 7% of traffic was coming from radiology imaging software, another 7% of malicious traffic originated from video conferencing systems, and another 3% came from digital video systems that are most likely used for consults and remote procedures," said the researcher's report.
Norse even discovered detailed information about the layouts of hospitals and the specifications of certain lifesaving equipment after following the trails of some malicious traffic.
"This level of compromise and control could easily lead to a wide range of criminal activities that are currently not being detected," said Barbara Filkins, a senior SANS analyst and healthcare specialist, in the report. "For example, hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care."