Story image

One year on, the WannaCry scare hasn't made healthcare security any better

09 Apr 2018

Cybersecurity in the healthcare sector was put under the spotlight after the WannaCry ransomware attacks that hit in May 2017, and it painted a vivid picture of how threats can paralyse real-world processes.

That’s according to Trend Micro and HITRUST’s latest research on how connected hospitals can be exploited – and researchers believe that the WannaCry scare has only made matters worse.

The research paper, titled Securing Connected Hospitals, looks at how internet-connected medical devices are often exposed due to misconfigured networks or software interfaces.

Connected devices can include surgical equipment, office applications, inventory systems, monitoring equipment, and imaging equipment.

Using search website Shodan, researchers were able to pinpoint devices connected to the Internet of Things and gather information about the devices’ geographic locations, hostnames, operating systems, and other information.

“An adversary can also use Shodan to perform detailed surveillance and gather intelligence about a target, which is why Shodan has been called the World’s Most Dangerous Search Engine,” the report says.

Beyond Shodan, exposed devices can also be profiled using network tools. Attackers could potentially access sensitive data, webcam feeds, compromise assets to conduct DDoS attacks or botnets, demand ransoms and much more.

The paper also looked at how supply chain attacks, including associates and third-party contractors, also play a dangerous role – 30% of healthcare breaches in 2016 were due to third parties.

“Supply chain threats arise as a result of outsourcing suppliers, and the lack of verifiable physical and cybersecurity practices in place at the suppliers,” the report says.

“Suppliers do not always vet personnel properly, especially companies that have access to patient data, hospital IT systems, or healthcare facilities. Vendors do not always vet their own products and software for cybersecurity risks, and may also be outsourcing resources as well. This allows perpetrators to exploit sensitive information across the supply chain.”

There are seven major supply chain threat vectors that attackers can use against the healthcare sector:

Firmware  attacks, mHealth mobile application compromises, source code compromise during the manufacturing process, insider threats from hospital and vendor staff, website/EHR and internal hospital software compromise, spearphishing, and third party vendor credentials.

The report points out that source code compromise during the manufacturing process can be extremely dangerous because hospitals tend not to test device security before installing it on their networks.

While no data on incidents involving medical devices was publicly disclosed in 2017, tablets, phones and even USB devices have been compromised in the past.

“In 2016, a healthcare organization unknowingly sent 37,000 malware-infected USB thumb drives to their offices nationwide. The manual of procedure codes for that year included the flash drive on the back pocket,” the report says.

The paper draws on qualitative risk analysis of various attack vectors to give an overview of some of the most pressing threats in healthcare.

Those threats include insecure devices that can be used to access a network, DDoS attacks, spear phishing, and unpatched systems.

“Having effective alert, containment, and mitigation processes are critical. The key principle of defense is to assume compromise and take countermeasures.”

  • Quickly identify and respond to ongoing security breaches.
  • Contain the security breach and stop the loss of sensitive data.
  • Pre-emptively prevent attacks by securing all exploitable avenues.
  • Apply lessons learned to further strengthen defenses and prevent repeat incidents.
Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."