PharmaNet hacked

Last Friday, CTV reported yet another security breach -->  This time, the stolen information resides in PharmaNet. To provide context for the story, here is a description of PharmaNet provided by Medinet, the Integrated Electronic Health Solutions entity responsible for managing the system.

"Out-patient prescriptions filled in British Columbia are entered into PharmaNet, the province-wide pharmacy network.
The College of Physicians and Surgeons of BC considers the use of PharmaNet a best practice, and recommends that physicians use the provincial system for appropriate patient care.

Medical practices, clinics and hospitals in BC access PharmaNet over our secure, private network. Users obtain detailed patient drug profiles showing medication history for the past 14 months, and have access to other information necessary to prescribe new medications safely."

It appears, the security breach didn't happen through hacking activities directed at the central system. The security breach came through an end-point, a doctor's laptop. In other words, the hackers found the weakest link in the defence system and exploited it.
To assess the security risk, let's see who else can access the system. Another quote from Medinet:

"Who can access the system?
Physicians and anyone in a medical practice who is sponsored by a physician, like nurses, medical office assistants and clerks."

"What equipment do I need?
If you have access to the Internet, you are ready to go! We will give you our web-based program that runs through your Internet browser. No special equipment or installation is required, although high-speed Internet access is recommended."

As you can see, there are thousands of people with access to PharmaNet and in Medinet's own words, there nothing but a browser required to access it. They make absolutely no mentioned of securing your device, two-level authentication, no security measures at all... just a browser.
If you are designing a secure system for access over public networks, take the time to ensure end-point devices are protected to the same level.

Trending this week...     

This week brought some interesting articles and news worth taking note of:
- LG introduced their new LED panel, which can be rolled to a tube. The benefit is that now, every street light can have it's own TV channel.
- Another set back for Apple in China. Siri is apparently using patented technology by a Chinese firm. ->
- How would you like to see a self-healing aircraft? That is the future BEA is working on. Click here for this and other videos from BEA ->
- It was only a matter of time before we saw a successful fridge hacking incident; now it's here, the LED light bulb. Manufactures are racing to create smart, connected devices; and hackers are relishing it.
- NASA is looking at ways to save money. They sent one of their engineers out to buy a Android phone so they can embedded into the next generation of robots for the International Space Station.
- Check out even more trending topics here -->