Strong cyber attack at Tzanei Hospital

Four years after the cyber attack που had taken place in Tzanei Hospital, according with information published by SecNews, it seems that nothing has changed ... Indeed, some (well-meaning criticism is always respected) they have been quick to refer to SecNews exaggerations or to create an impression. However, it seems that the shortcomings in the field of Internet and Internet security of Hospitals in general, not only exist but the information systems remain vulnerable 4 for years after no one is interested !!!

 

Greek , "Deputy leader" according to a statement to a Greek hacking group by name "Greek Electronic Army", contacted EXCLUSIVELY by e-mail with our website and stated that they attacked on the Tzanei Hospital website.

The hacker with the pseudonym "0xyg3n" clearly states in his email that his team, pumped from his website Tzanei Hospital.

Features include:

 Using the existence of Sql weakness .. We managed to get the entire website database. We have the possibility to modify the website, but we do not wish to cause the slightest damage.

To confirm what he says "0xyg3n" he said Screenshots - proofs against cybercrime (having concealed specific points that can be used for malicious purposes).

 

It then lists the use of the weakness found, with known available (SQL Map) for data mining:

cyber attack 3 cyber attack

cyber attack 4 cyber attack

 

5 cyber attack

Of course they did not fail to identify using the same weakness and the name and password of the website administrator (!)

Identify web site administrator password by using SQL Injection

The members of the team as reported in their electronic message by Greek Electronic Army are:

0xyg3n, MassiveDistraction, and HackoManGR. The weakness was detected by using it SQLMap and Kali linux. They did not gain access, as they report to the server only in the database. Their website is on Facebook https://www.facebook.com/pages/Greek-Electronic-Army/280373122172466[here]

It is remarkable the fact that the website is located on the infrastructure of the national network "Syzefxis", with known safety issues which SecNews has highlighted in the past, as many of the systems served by it have at times come under the complete control of hackers.

tzaneiopic2 cybercrime

The queries we reported before 4 about a year (which of course were left unanswered), with the then cyber attack against this hospital remain:

A) Extremely sensitive personal data of citizens were endangered by the new attack against Tzanios Hospital; Do managers & computer managers need it? carry out urgent inquiries while informing their political superiors, with regard to this attack but also others that may have taken place and have not seen the light of publicity;

B) This attack is not distinguished by its high degree of difficulty and can be carried out with available tools that anyone can easily locate on the internet. The fact that these white-hat hackers chose to disclose elements of cyber-attack (of course, not to remove the criminal part of the case for committing an offense), contributes to the managers being aware of the existence of weakness. But what measures have been taken for more specialized attacks (such as spear phishing) by malicious hackers or eavesdroppers who aim to obtain and extract sensitive and personal data for any use and with fraudulent purposes;

C) What measures were taken by the company that implemented the site after the cynological attack, 4 years ago, and how much did it cost? Why did the measures prove inadequate and who is responsible in the event of leakage of sensitive data and information?

D)  Are there any circulars from Personal Data Protection Authority  for such incidents (such as cyber attacks) and whether they are being met by the competent staff of the Information Technology Services of Hospitals and Public Health Institutions?

We hope that now the executives of the Ministry of Health and their new political leaders, in the context of (finally !!!) proper total reorganization in the field of health, will IMMEDIATELY investigate the issue with the competent state bodies and will highlight the weaknesses, if there are. We estimate that the issue will be placed at the top of their agenda, if and to what extent public health and the personal data of innocent citizens & patients treated by hackers and malicious users are guaranteed.

That's it SecNews thanks the anonymous reader for timely and valid information

SecNews

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).