5 attack scenarios and 3 tips on how to avoid them
Article written by specialists at the Trend Micro Forward-Looking Threat Research Lab
Over sixty years ago, healthcare professionals were among the first to adopt a new communication tool: the pager. This little instrument combined technology from walkie-talkies and automobile radios, resulting in a handy little tool that allowed the transmission of messages (or ‘pages’) to other pagers up to 25 miles away. And although smartphones have taken over communication in the outside world, the healthcare industry has never really said goodbye to pagers. They offer a few crucial advantages to healthcare professionals: they don’t suffer from the often weak cellular coverage in hospitals nor do they interfere with medical equipment.
Another initial advantage of pagers, however, has now become a potential problem: security. Pagers often lack encryption and authentication. Before software-defined radio became popular, pager technology was considered secure in spite of these limitations, because an attacker had to pay big money and have good knowledge of radio and hardware wiring to ‘sniff’ clear text in the air. Nowadays, however, equipment to look into unencrypted frequencies is neither expensive nor complex. Anyone with some basic skills can intercept pages from miles away.
Recent research by Trend Micro revealed that pages sent by medical staff often contain sensitive information, ranging from a patient’s name and address to the ailments and syndromes the patient is suffering from, treatments, and medication to be prescribed. To warn healthcare professionals, Trend Micro came up with some hypothetical but realistic attack scenarios which illustrate how attackers could misuse this information:
- Sending pages to the pharmacy for medication: Attackers could sabotage a target’s treatment program. For example, spoofed pages could be sent to deliver medicine with a counter-effect. Or patients dealing with drug addiction issues could page the pharmacy for excessive dosages of painkillers like morphine.
- Stealing a dead person’s identity: In some countries and regions, a death notification is sent when a patient dies. It may be possible to steal relevant information and use the details to make claims on the family’s behalf.
- Spoofing messages: There is an SMS gateway that forwards SMS messages to pagers. This could be used to get someone to call a number or visit malicious links, or for other social engineering tactics.
- Intercepting calls from the officiating doctors: An attacker could page a request to a doctor to call the medical staff to discuss a patient. This phone call can then be redirected to the attacker’s phone number, and the attacker can then trick the doctor into leaking information about a patient’s condition.
- Declaring an emergency inside facilities: Hackers could spoof pages to declare an emergency. Pranksters could do this just for ‘fun’. Attackers who want access to confidential information or want to physically attack a target could use this to get staff to leave the medical facility and, as a result, facilitate access to the facility.
To avoid security violations, Trend Micro recommends the following ‘good practices’:
- Encrypt the communication – The more sophisticated your encryption method, the more secure your communication. But even simple encryption can raise the bar for the attacker.
- Authenticate the source – To prevent spoofed messages from being accepted by the system, authentication should be designed into the firmware. When in doubt about unusual medical information, make a phone call or meet with the person to verify the information.
- Transmit only the necessary information – It is good practice to send pages that cannot be identified without relevant documentation on the receiving end. For example, medical reference numbers and part of the date of birth should be enough to confirm the identity of the patient when combined with offline information on the receiving end.
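
The ‘authenticate the source’ and ‘transmit only the necessary information’ practices above, sketched together as an added example (not Trend Micro's code or any pager vendor's firmware). The message layout, the shared key, the counter used against replays and the 8-byte tag truncation are all assumptions, the patient record is constructed, and encryption is not shown.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would provision a secret per pager.
DEMO_KEY = b"constructed-demo-key-not-for-use"
TAG_HEX_LEN = 16  # 8-byte truncated tag to keep pages short (assumption)


def minimal_page(record: dict, action: str) -> str:
    """Keep only the reference number and month-day of birth; drop name, address, diagnosis."""
    dob_part = record["dob"][5:]  # "1957-03-14" -> "03-14"
    return f"{record['mrn']}|{dob_part}|{action}"


def _tag(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()[:TAG_HEX_LEN]


def sign_page(key: bytes, counter: int, body: str) -> str:
    """Prefix a counter (replay protection) and append a truncated HMAC-SHA256 tag."""
    msg = f"{counter}|{body}"
    return f"{msg}|{_tag(key, msg)}"


def verify_page(key: bytes, last_counter: int, page: str):
    """Return (counter, body) if the tag is valid and the counter is fresh, else None."""
    try:
        msg, tag = page.rsplit("|", 1)
        counter_text, body = msg.split("|", 1)
        counter = int(counter_text)
    except ValueError:
        return None  # malformed page
    if not hmac.compare_digest(_tag(key, msg).encode(), tag.encode()):
        return None  # spoofed or altered page
    if counter <= last_counter:
        return None  # replay of a page that was already accepted
    return counter, body


if __name__ == "__main__":
    # Constructed sample record; only mrn and part of dob leave the sender.
    record = {"mrn": "MRN-004512", "name": "Constructed Patient", "dob": "1957-03-14",
              "address": "1 Example Street", "diagnosis": "constructed"}
    page = sign_page(DEMO_KEY, 41, minimal_page(record, "CALL WARD 3"))
    print(page)
    print(verify_page(DEMO_KEY, 40, page))                               # accepted
    print(verify_page(DEMO_KEY, 41, page))                               # replay
    print(verify_page(DEMO_KEY, 40, page.replace("WARD 3", "WARD 9")))   # altered
```

The receiver stores the last accepted counter per sender, so a page captured off the air and retransmitted later is dropped even though its tag is valid.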