Why Mainframe Security Risks Are Largely Unrecognized

Uploaded on 2018-09-07 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Resilience

In the past year, cybercriminals have made the healthcare industry a top target for sophisticated ransomware attacks, often exploiting known but unpatched vulnerabilities to gain access to clinical information.

The implications of those reported but unresolved vulnerabilities are scary, considering the wealth of patient data hospitals manage, as well as the potential life-and-death situations involved. But, what about the vulnerabilities that aren’t even on the radar of hospital IT departments?

Most modern hospitals depend on multiple electronic systems and connected IoT devices to operate around the clock. The largest hospitals also rely on mainframes to safeguard some of their mission-critical financial and billing data. The security of hospital systems isn’t always up to sufficiently high standards. And, while mainframes are arguably the most securable platform, they still aren’t impenetrable. Mainframes have weaknesses, like code-based vulnerabilities that, if exploited, could endanger the entire enterprise.

Essentially, code-based vulnerabilities are areas of flawed code that allow a program to bypass the security controls put in place by the operating system and the organization. There’s a huge amount of risk involved with operating system-level vulnerabilities. If a hacker were to exploit a single trap door vulnerability, they would have access to all of the data, applications and users on the entire mainframe.

In a hospital setting, that means access to everything ranging from patients’ personal information, to doctor’s orders, to insurance coverage, and so on. Hospitals manage a wealth of sensitive information about their patients, like SSNs, addresses, contact information and more, that is considered to be protected heath information (PHI).

If a bad actor gains access to the enterprise through the mainframe, they would have the potential to cripple many of the hospital’s most important functions. For example, many medical devices today are peer-to-peer or wirelessly attached to the clinical information system. Imagine if a hacker infiltrates the system, or even takes the mainframe down—those medical devices and the corresponding medicine could no longer be accurately managed and administered.

Part of the challenge when it comes to managing mainframe security is that many IT professionals working on mainframes are unaware of these code-based vulnerabilities. On top of that, hospital IT departments right now are spread thin monitoring all the various systems. A recent survey of nearly 2,500 healthcare security experts revealed that 96 percent believe that bad actors are outpacing the defenses of their medical enterprises.

Although IT managers may be technically savvy, there are simply not enough of them to track all of the risks and ensure their mainframes are always up, running and protected. The good news is that these vulnerabilities are patchable. Of course, vulnerabilities have to be discovered first before they can be patched. It’s time for hospitals to invest in the people and practices that will better guard their IT systems and patient data.

Information Management:

You Might Also Read:

Healthcare Cyber-Attacks Still Going Up

« Organizations Hit With North Korea-Linked Ryuk Ransomware
Training Young Hackers To Stop Cybercrime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

BlueAlly

BlueAlly

BlueAlly helps clients scale, optimize, and manage their IT resources to reach their business goals.

TatvaSoft

TatvaSoft

TatvaSoft is a custom software development company delivering business IT solutions and related services to customers across the globe.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

Strata Information Group (SIG)

Strata Information Group (SIG)

Strata Information Group (SIG) is a trusted partner in IT solutions and consulting services.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

Oxylabs

Oxylabs

Oxylabs is the largest datacenter proxy pool in the market, with over 2 million proxies. Designed for high-traffic, fast web data gathering while ensuring superior performance.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.

LMNTRIX

LMNTRIX

LMNTRIX eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyberattacks.