Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below.
We recently updated our Terms and Conditions for TechRepublic Premium. By clicking continue, you agree to these updated terms.
Invalid email/username and password combination supplied.
An email has been sent to you with instructions on how to reset your password.
By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.
You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.
All fields are required. Username must be unique. Password must be a minimum of 6 characters and have any 3 of the 4 items: a number (0 through 9), a special character (such as !, $, #, %), an uppercase character (A through Z) or a lowercase (a through z) character (no spaces).
How security vulnerabilities pose risks for healthcare organizations
Your email has been sent
An analysis by Cyber Security Works uncovered 624 vulnerabilities that cybercriminals could exploit to target healthcare facilities.
Security vulnerabilities pose a risk to any organization, as attackers can take advantage of them to launch malware, infiltrate networks and compromise sensitive data. But hospitals and healthcare facilities are especially at risk as a single exploit can impact medical devices, health records and even the lives of patients. A recent report from security firm Cyber Security Works looks at how security flaws can be weaponized to attack healthcare organizations.
To generate its report titled 43 Weaponized CVEs in Healthcare Products Threaten Patient Care, CSW analyzed 56 different vendors and 846 products overall. Ultimately, 624 vulnerabilities were discovered and identified.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
A full 43 of the vulnerabilities could be exploited in everyday healthcare products used to deliver patient care. The exploits for these 43 are either publicly available or are actively being targeted by attackers, creating risks for healthcare companies that fail to patch them.
Another four of the security flaws were found in three different Oracle products and have been previously exploited by Advanced Persistent Threat Groups, specifically by APT1, aka the BrownFox gang, a Chinese-sponsored group that’s been around since 2006. The four vulnerabilities are CVE-2020-11022, CVE-2020-11023, CVE-2015-9251 and CVE-2019-11358.
Two of the vulnerabilities are associated with ransomware attacks. One of the vulnerabilities, CVE-2020-0601, was found in a product from Biomerieux, a French biotechnology company. This one points to BigBossHorse, a ransomware that runs on Windows and spoofs code-signing certificates.
The other vulnerability, CVE-2021-34527, was seen in five different products from Stryker, a manufacturer of navigation platforms used in surgery. The products in question contain the infamous PrintNightmare flaw. An attack against any of these five devices could impact an actual surgery.
Other vulnerabilities seen by CSW pose their own risks. Some 12 of them have been hot topics on the Dark Web, with multiple posts discussing them, a sign that they’re ripe for exploitation among attackers. Six of the vulnerabilities were found in healthcare products and medical devices that could cause patient fatality or disability. Eight of the flaws fall under the category of remote code execution, meaning that attackers can remotely connect to a compromised system to control or change its behavior.
Attackers who exploit security flaws against healthcare facilities can put patients in jeopardy. In January of 2021, McAfee discovered a vulnerability in infusion pumps made by medical device company B. Braun that, if exploited, would have triggered an incorrect dosage of medication to a patient. And in 2019, a ransomware attack against Springhill Medical Center in the U.S. led to the death of an infant when the resulting network outage cut off staff from fetal heartbeat monitors.
How can healthcare providers better protect themselves from attackers who exploit security vulnerabilities? CSW offers the following recommendations:
Cybercriminals are always eager to pounce on a security vulnerability as soon as it’s publicly known or available. That’s why healthcare organizations need to be proactive about monitoring for and patching security flaws before they can be widely exploited.
Secure Access Service Edge solutions are a mix of different cybersecurity tools, including secure remote access, on-premises security, secure cloud services and online resources. The goal is to help organizations devise the right strategy to securely manage and connect users and endpoints to any application or service. Biometric security is expected to play a bigger part in cybersecurity management by adding an extra level of protection.
Sharing health records among doctors, hospitals and other providers, EHR systems can benefit both patients and healthcare facilities. But these systems have been increasingly targeted by attackers, requiring healthcare organizations to monitor them to ensure that patient details cannot be compromised.
MFA adds another layer of protection beyond passwords alone. As such, healthcare providers should set up MFA systems to require physical hardware tokens or soft tokens such as passcodes or PINs before staff can gain access to sensitive patient data.
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
How security vulnerabilities pose risks for healthcare organizations
Your email has been sent
Your message has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
A new report reveals that blockchain is neither decentralized nor updated.
IDEs are essential tools for software development. Here is a list of the top IDEs for programming in 2022.
With so many agile project management tools available, it can be overwhelming to find the best fit for you. We've compiled a list of ten tools you can use to take advantage of agile within your organization.
Learn about the new features available with iOS 16, and how to download and install the latest version of Apple’s mobile operating system.
The online learning platform’s new course teaches the fundamentals of ML with less emphasis on math.
IIoT software assists manufacturers and other industrial operations with configuring, managing and monitoring connected devices. A good IoT solution requires capabilities ranging from designing and delivering connected products to collecting and analyzing system data once in the field. Each IIoT use case has its own diverse set of requirements, but there are key capabilities and ...
Recruiting an Operations Research Analyst with the right combination of technical expertise and experience will require a comprehensive screening process. This Hiring Kit provides an adjustable framework your business can use to find, recruit and ultimately hire the right person for the job.This hiring kit from TechRepublic Premium includes a job description, sample interview questions ...
The digital transformation required by implementing the industrial Internet of Things (IIoT) is a radical change from business as usual. This quick glossary of 30 terms and concepts relating to IIoT will help you get a handle on what IIoT is and what it can do for your business.. From the glossary’s introduction: While the ...
Procuring software packages for an organization is a complicated process that involves more than just technological knowledge. There are financial and support aspects to consider, proof of concepts to evaluate and vendor negotiations to handle. Navigating through the details of an RFP alone can be challenging, so use TechRepublic Premium’s Software Procurement Policy to establish ...