Cyber attacks on hospitals and power grids "likely"

Electricity grids and hospitals are likely to be subject to increasing cyber-attacks in the future, experts have predicted.

Researchers at the Georgia Tech Information Security Centre  warned that they will also increase in sophistication with attackers becoming better funded and more determined to cause havoc on these utilities over the next few years.

They said in their Emerging Cyber Threats Report for 2011, that these factors would make attackers likely to succeed in their quest.

In addition to compromise from externally-launched malware, the researchers warned that there was also an insider threat with disgruntled employees using cyber tactics to defraud utilities or perhaps cause power outages.

They said the threats applied to water and gas systems, which are rolling out smart meters and advanced metering infrastructure and they also warned that hospital infrastructure could be caught up in the attacks either through a direct attack, or accidentally through unpatched software on critical systems.

GTISC researcher David Dagon said in the report: “Hospitals and other medical facilities operate under a very different regulatory framework than in other industries.

“If an infected device is used in patient care, it may not be possible to patch it the same way as other systems because the FDA may have specific guidelines for making changes to devices that interact with patients.”

The researchers also added that they had already seen an upsurge in attacks hitting hospital hardware, including radiology systems.

We contacted a security company specialising in security protection for these sorts of attacks. An anonymous source agreed with the findings: “We have seen a range of sophisticated and better funded attacks over the past few years,” he told us.

“Attackers are turning on these companies, not for financial gain, but to prove a point or cause as much disruption as they can. The main attackers in these types of threats will often be disgruntled employees, a representative from a competing business or someone with strong philosophical or religious motives.

“However it could also just be an individual out there with the determination and resources needed.”