By Denise A. Valdez, Reporter
YANGON, Myanmar — Medical facilities in the Philippines will continue experiencing high rates of cyber attacks, with seven out of 10 medical machines compromised this year, according to data from cybersecurity firm Kaspersky.
The Russia-based company said it found 76% of medical machines in the country were attacked in the past eight months, making it the most vulnerable in Southeast Asia and second in the Top 15 nations it reviewed.
“In case of Southeast Asia, medical organizations are not in a vacuum. There are computers around them. If you look at the statistics in the Philippines, in general, the number of infections is quite high,” Yury Namestnikov, head of Kasperky’s Global Research and Analysis Team (GReAT) in Russia, said at a forum here on Thursday.
“These devices that are in medical organizations, they got infected (because) people who are responsible for architecture of IT systems in medical organizations, they do not separate the networks,” he added.
Mr. Namestnikov explained that having medical machines connected to a singular internet network could mean a compromise in one system would impact the rest of a facility’s machinery. In the Philippines, he said most of the infections could be traced to universal serial bus (USB) sticks or web threats.
“The right way to solve this problem is to review the architecture for how you design your medical network, and separate computers that should not be visible from the internet. It will help a lot,” he said.
Topping the list of countries with the most cyber attacks on medical machines is Venezuela, which had a 77% rate in 2019. Other countries from Asia Pacific included in the Top 15 are Bangladesh, which ranked 8th with a 58% rate, and Thailand, which ranked 12th with a 44% rate.
“One factor we observe is that the chances of being attacked really depend on how much money the government spends on cybersecurity in the public health sector. Another key reason is the low level of cybersecurity awareness the people inside medical facilities have,” Mr. Namestnikov was quoted as saying in a statement.
The company is pushing for bigger investments from countries in Asia Pacific towards ensuring cyber protection in medical facilities, noting losses could amount to $23.3 million if a hospital is faced with a cyber attack.
“We see more and more threats against the health care sector… Hospitals usually store a lot of data, and because of that, they’re becoming quite often the victim,” Stephan Neumeier, Kaspersky managing director for Asia Pacific, said at the forum.
“If you look at the banks who are dealing with probably more or less the same amount of data as a large hospital, that bank is super secure today… I think hospitals have to do the same, because we can see based on recent events this will otherwise not change,” he added.
The rate of cyber attacks in medical machines in the Philippines grew this year to 76% from 64% two years ago. Data from 2018 was not available as of press time.
Mr. Namestnikov said while many of the medical facilities in developing countries such as the Philippines are still heavily reliant on traditional methods of keeping records, the industry’s shift to digitalization is in the near future, hence the need to keep in mind the issues that would eventually come with it.
“These handwritten records will be digitalized in two to three years and everything will be online, because it’s cheaper for hospitals to have an online catalogue of all their patients than having all these handwritten things archived,” he said.
“So from a business perspective, hospitals will move to digital, and it’s just a matter of years when this trend (of medical cyber attacks) will be relevant to these hospitals. They should be prepared for it,” he added.