Kaspersky experts have discovered that the most used protocols include data transfer from wearable devices, used to monitor the health status of patients remotely, on 33 gaps, including 18 gap.
And that is in the year 2021 alone.The number of dangerous gaps discovered in this protocol increased by ten gaps compared to the year 2020, while many of them are still the same without treatment.Some of these gaps give Internet criminals the opportunity to intercept data from the Internet devices.
The ongoing panda led to the acceleration of digital transformation efforts in the health care sector, and health care institutions were forced to rethink ways to provide care services to patients, in light of the overcrowding of hospitals and the tremendous pressures that occurred to workers in this field.
In addition to the stone of many people in their homes.A recent research conducted by Kaspersky found that 91% of healthcare providers around the world have applied the capabilities of providing health care services for a distance..But these fast digitization efforts were created in return new security risks, especially with regard to patient data.
Part of the remote health care services includes monitoring the health status of patients from remoteness, using wearable devices and screens, which include tools that can be followed, constantly or at periods, health indicators of patients, such as heart activity.
The MQTT Protocol is the most common to transfer data from the wearable sensors and devices, due to its smile with ease and convenience, which makes it available in many wearable devices, and even in almost any smart device.
But when using the MQTT protocol, the authentication is completely optional, and rarely includes an encryption of protection, which makes it vulnerable to what is known as the attacks of the "medieval man", which falls when attackers can put themselves between two parties while they are connected, and expose them to the possibility of stealing data that is transferred between them via the Internet.This information may include, in the case of wearable devices, medical data, highly sensitive personal information, and even the person’s movements himself.
90 security gaps have been discovered in the MQTT protocol since 2014, including dangerous gaps, and many of them are still not corrected today.In the year 2021 alone, 33 gaps, including 18 dangerous gaps, were discovered, an increase of 10 gaps from the year 2020.All of these gaps expose patients to the risk of stealing their data.
The number of security gaps found in the MQTT protocol between the years 2014 and 2021
Kaspersky researchers also discovered security gaps in one of the most common platforms on the wearable devices: Snapdragon Weaable platform from Qualcomm company.More than 400 gaps have been found on this platform since its launch, while not all of them have been corrected yet, even though there is what dates back to the year 2020.
It should be noted that most of the wearable devices track the user's health data, location and movements, which opens the way for the possibility of the user to be prosecuted in addition to stealing his data.
The pandemic led to a sharp growth in the distance health services market, not only to communicate with the doctor through video applications, but rather extended to a full range of rapidly developed technologies and products, which include specialized applications, wearable devices, implantable sensors and cloud -based data rulesAccording to Maria Namstenikova, head.
Which warned that many hospitals are still using the services of external, unproven or proven entities, to store patient data, while remaining gaps in wearable devices and open sensors that were not subject to correction.She said: «Health care institutions and hospitals must confirm before using such devices, from their security levels, in order to preserve the security of their data and the safety of their patients..
Recommendations for data security
• Check the security of the application or the device proposed by the hospital or the medical institution.
• Reducing data transferred via health care applications remotely if possible (preventing the device, for example, from sending geographical location data if it is not needed).
• Change passwords from the virtual words that come with the device, and use the encryption if the device provides it.
Follow the economic statement via Google News
طباعةEmailفيسبوك تويتر لينكدين Pin InterestWhats App