The investigation of a well-known french company, expert in corporate cybersecurity, highlights how cybersecurity of most pharmacies, now increasingly connected, is seriously at risk.
An IT attack could have the extreme consequence of opening the doors not only of the virtual pharmacy, but also of the physical one.
Types of attacks
An analysis made on the Http warnings showed that, often, bugs generate pop-ups on the user's browser with the message: "This site has a bad reputation, do you really want to continue?".
Not a good image to be displayed on the pharmacy website ...
Another problem is 27 or 404 errors, which diverts an unaware user to make purchases on a competing site, with an evident economic loss for the pharmacy.
This situation occurs when the owner has not renewed the subscription for the domain name, which is therefore "stolen" by cyber criminals, remaining however among authorized ones of the pharmacists' association and therefore online.
The most dangerous attack, however, is the cross-site scripting (Xss), generated by a flaw present within the pharmacy site system.
The Xss allows the theft of cookies, with real-time access to sensitive patient data.
In the most serious cases, the user is directed, without him knowing, to illegal websites which open identical pages to those of the pharmacy. Here, the patient who is scammed, inserts his personal data that can be used for illicit commercial transactions.
When the central server is under attack, it happens that hackers enter directly into the site administration pages, display and modify a liking login, password, links and price lists of the virtual pharmacy, up to spreading the distorted prices also of the stocks of the supportive physical pharmacy.
Huge damage to the pharmacy in terms of income statement and external representation.
How often do you get a visit of a commercial agent in the pharmacy asking you to connect to the pharmacy Wi-Fi in order to process an order with the reference company?And what if the agent is unaware that his pc is infected due to poor protection and in turn infecting the network and connected devices of the pharmacy?
How big would be the damage to the pharmacy owner?
Are your colleagues who use personal devices connected to the pharmacy Wi-Fi assured of the goodness of the visited websites? And of the emails they receive on their accounts, containing large attachments that it is more convenient to download from a Wi-Fi network than to use the Giga of their own subscription?
When you relax during the night and watch a movie streaming from the pharmacy pc, have you ever noticed the amount of banners/advertising pages you open before you can see the content you’ve selected? Many of those advertisements are real sources of vulnerability for your business infrastructure.
A big entrance door half open to non insiders, trivially, there are also all the instruments/electromedicals, video surveillance cameras, or external vending machines, connected to the pharmacy network often without a simple secure authentication portal.
With the arrival of 5G, the mobile network will be 20 times faster than the current 4G, there will be new dangers for the computer systems of all pharmacies.
It is therefore essential to immediately provide the security of the internal network and disseminate the knowledge on this subject.
IES Italia and ntop are fully aware of the risks of unprotected navigation in business, therefore they have designed and developed IVO, a device for computer security.
Find out more about IVO. Visit the site and stay updated on upcoming features.
#Signaling System 7
#Common Channel Signalling System 7
By IES Team