The Phenomena of Misconfiguration and Spectre & Meltdown

As we already know, taking care of the networks and technologies of healthcare systems can be very difficult. It is an industry that is extremely vulnerable and at the same time, it is a very important target for hackers. Healthcare sectors hold extremely valuable data that has shown to be significant for those who want to exploit it.

   In this article, we will talk about the two phenomena that are cracking the IT systems of the healthcare industry called:

1. “Misconfiguration”
2. “Spectre & Meltdown”.

Starting off with Misconfiguration, we probably all know what it is. Misconfiguration can open large security flaws even in the most sophisticated systems. Large problems can arise, such as major data leaks, and then, exploitation.

 Just recently, in January of 2018, a security researcher discovered that a medical practice was left misconfigured and it was publicly available. As you can expect, the information of more than 40,000 patients was exploited, including data such as doctors’ observations and check-ups.

 In March of 2018, more than 30,000 patients had their information exploited by hackers due to a misconfiguration in a nonprofit healthcare conglomerate. This leak exposed even more personal data, including scanned images of licenses, cards, and medical documents.

Later, in April of 2018, another leak was caused due to a misconfiguration, this one having patients’ private data being available to search engines. It was a misconfiguration caused by an online portal.

The situation is not expected to improve; on the contrary, it is evolving even more. These systems are becoming more and more chaotic, and hackers can easily find misconfigurations even in the most ‘stable’ systems. Since these security flaws are a major concern in the healthcare industry, multiple statements have been published by the U.S. Healthcare Cybersecurity and Communication Center, which said that the level of vulnerabilities severity level of the misconfigurations was determined to be at level 2, meaning medium.

The other occurring phenomenon is called “Spectre & Meltdown”. It is one of the most widespread security flaws ever discovered, and it is being exploited the most in the healthcare industry. Two security researchers found this flaw on the 3rd of January, 2018, and they proved that the problem is present in billions of systems everywhere throughout the world.

   This major flaw is mostly attributed to the way that modern processors handle data. When the flaw is exploited, the attacker can bypass almost all data security systems, meaning that they gain access to a lot of private information and data.

   This is a very serious situation that is confused many IT professionals all around the world. It leaves the digital world with many questions and very few answers. Spectre & Meltdown can’t be associated with clear security flaws, thus making the problem very hard to address.

   The level of confusion gets even greater when the chip manufacturer AMD claims that today’s modern devices are definitely immune to the flaws. It is a very serious phenomenon that makes consumers doubt major manufacturers, including Intel, Dell, and Lenovo. This could lead to large system instabilities and loops of reboot. It is a very confusing state.

   Many of these popular manufacturers, including Intel, started issuing patches to address the flaws, hoping that a simple solution could be found. A recent study from January of 2018 found out that patches do have the potential to slow down processor performance, however, this does not explain the massive data exploitation that is happening to billions of systems worldwide.

   Dell and Lenovo were forced to resolve some flaws. In the future, it is expected that the public will be presented with more technical solutions and strategies to mitigate this from happening further.

 These massive exploitations of data reveal a lot of personal information for millions of people everywhere in the world. It is a trend that keeps causing more and more concern each year due to the fast advancements in technology. It is expected that in the not-so-distant future a large chunk of these problems will be solved. We can only hope for the best. Lawmakers and legislators are also trying their best to maintain and assist IT systems in healthcare. We must understand that healthcare is a very vulnerable, yet valuable sector, and we must strive to protect it. We must do whatever it takes because millions have had their data exploited.

John Mamon, CEO of  mPowered IT, is a compliance and security thought leader, helping to simplify  HIPAA compliance, network security, and IT services for healthcare practices. He has also authored the book,  The Extra Scoop: Rediscover the Art of Great Customer Service. Feel free to reach him at 678-389-6200.