Strong cyber attack at Tzanei Hospital


Four years after the cyber attack που had taken place in Tzanei Hospital, according with information published by SecNews, it seems that nothing has changed ... Indeed, some (well-meaning criticism is always respected) they have been quick to refer to SecNews exaggerations or to create an impression. However, it seems that the shortcomings in the field of Internet and Internet security of Hospitals in general, not only exist but the information systems remain vulnerable 4 for years after no one is interested !!!

 

Greek hacker, "Deputy leader" according to a statement to a Greek hacking group by name "Greek Electronic Army", contacted EXCLUSIVELY by e-mail with our website and stated that they attacked on the Tzanei Hospital website.

The hacker with the pseudonym "0xyg3n" clearly states in his e-mail message that his team drew data from his website Tzanei Hospital.

Features include:

 Using the Sql Injection weakness. We managed to get the entire database of the site. We have the ability to make a change to the site, but we do not wish to cause the slightest damage.

To confirm what he says "0xyg3n" he said Screenshots - proofs against cybercrime (having concealed specific points that can be used for malicious purposes).

 

It then lists the use of the weakness found, with a known available tool (SQL Map) for data mining:

cyber attack 3 cyber attack

cyber attack 4 cyber attack

 

5 cyber attack

Of course they did not fail to identify using the same weakness and the name and password of the website administrator (!)

Identify web site administrator password by using SQL Injection

The members of the team as reported in their electronic message by Greek Electronic Army are:

0xyg3n, MassiveDistraction, and HackoManGR. The weakness was detected by using it SQLMap and Kali linux. They did not gain access, as they report to the server only in the database. Their website is on Facebook https://www.facebook.com/pages/Greek-Electronic-Army/280373122172466[here]

It is remarkable the fact that the website is located on the infrastructure of the national network "Syzefxis", with known safety issues which SecNews has highlighted in the past, as many of the systems served by it have at times come under the complete control of hackers.

tzaneiopic2 cybercrime

The queries we reported before 4 about a year (which of course were left unanswered), with the then cyber attack against this hospital remain:

A) Extremely sensitive personal data of citizens were endangered by the new attack against Tzanios Hospital; Do managers & computer managers need it? carry out urgent inquiries while informing their political superiors, with regard to this attack but also others that may have taken place and have not seen the light of publicity;

B) This attack is not distinguished by its high degree of difficulty and can be carried out with available tools that anyone can easily locate on the internet. The fact that these white-hat hackers chose to disclose elements of cyber-attack (of course, not to remove the criminal part of the case for committing an offense), contributes to the managers being aware of the existence of weakness. But what measures have been taken for more specialized attacks (such as spear phishing) by malicious hackers or eavesdroppers who aim to obtain and extract sensitive and personal data for any use and with fraudulent purposes;

C) What measures were taken by the company that implemented the site after the cynological attack, 4 years ago, and how much did it cost? Why did the measures prove inadequate and who is responsible in the event of leakage of sensitive data and information?

D)  Are there any circulars from Personal Data Protection Authority  for such incidents (such as cyber attacks) and whether they are being met by the competent staff of the Information Technology Services of Hospitals and Public Health Institutions?

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.

We hope that now the executives of the Ministry of Health and their new political leaders, in the context of (finally !!!) proper total reorganization in the field of health, will IMMEDIATELY investigate the issue with the competent state bodies and will highlight the weaknesses, if there are. We estimate that the issue will be placed at the top of their agenda, if and to what extent public health and the personal data of innocent citizens & patients treated by hackers and malicious users are guaranteed.

That's it SecNews thanks the anonymous reader for timely and valid information

SecNews


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news