Why Mainframe Security Risks Are Largely Unrecognized

In the past year, cybercriminals have made the healthcare industry a top target for sophisticated ransomware attacks, often exploiting known but unpatched vulnerabilities to gain access to clinical information.

The implications of those reported but unresolved vulnerabilities are scary, considering the wealth of patient data hospitals manage, as well as the potential life-and-death situations involved. But what about the vulnerabilities that aren’t even on the radar of hospital IT departments?

Most modern hospitals depend on multiple electronic systems and connected IoT devices to operate around the clock. The largest hospitals also rely on mainframes to safeguard some of their mission-critical financial and billing data. The security of hospital systems isn’t always up to sufficiently high standards. And, while mainframes are arguably the most securable platform, they still aren’t impenetrable. Mainframes have weaknesses, like code-based vulnerabilities that, if exploited, could endanger the entire enterprise.

Essentially, code-based vulnerabilities are areas of flawed code that allow a program to bypass the security controls put in place by the operating system and the organization. There’s a huge amount of risk involved with operating system-level vulnerabilities. If a hacker were to exploit a single trap door vulnerability, they would have access to all of the data, applications and users on the entire mainframe.

In a hospital setting, that means access to everything ranging from patients’ personal information, to doctors’ orders, to insurance coverage, and so on. Hospitals manage a wealth of sensitive information about their patients, like SSNs, addresses, contact information and more, that is considered to be protected health information (PHI).

If a bad actor gains access to the enterprise through the mainframe, they would have the potential to cripple many of the hospital’s most important functions. For example, many medical devices today are peer-to-peer or wirelessly attached to the clinical information system. Imagine if a hacker infiltrates the system, or even takes the mainframe down—those medical devices and the corresponding medicine could no longer be accurately managed and administered.

Part of the challenge when it comes to managing mainframe security is that many IT professionals working on mainframes are unaware of these code-based vulnerabilities. On top of that, hospital IT departments right now are spread thin monitoring all the various systems. A recent survey of nearly 2,500 healthcare security experts revealed that 96 percent believe that bad actors are outpacing the defenses of their medical enterprises.

Although IT managers may be technically savvy, there are simply not enough of them to track all of the risks and ensure their mainframes are always up, running and protected. The good news is that these vulnerabilities are patchable. Of course, vulnerabilities have to be discovered first before they can be patched. It’s time for hospitals to invest in the people and practices that will better guard their IT systems and patient data.

Information Management:
