BlueKeep Posing a Risk to Healthcare

BlueVoyant

“Life in the SOC” is a blog series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities.

The healthcare industry continues to adopt new technologies to improve efficiency and cut costs. In many cases, these new technologies have been added to infrastructure, processes, and software from a different era, introducing new vulnerabilities. Researchers found that 22% of a typical hospital’s Windows devices were vulnerable to BlueKeep. Even worse, 45% of connected medical devices running Windows are vulnerable to BlueKeep. Vulnerable medical devices can include MRIs, ultrasounds, X-rays, and more. Many run on Windows, allowing their operators to more easily collect and upload data.

Beyond BlueKeep, outdated Windows versions are also exposing medical devices to other vulnerabilities. For instance, up to 11% of connected medical devices are exposed to DejaBlue, a set of RDP flaws affecting Windows 7, Windows 8.1, and Windows 10 (as well as Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019).

Although these numbers seem alarming, they aren’t surprising. Charles Ragland is a security engineer at Digital Shadows. He has worked in emergency rooms and on ambulances for 10 years. During that time, he witnessed a number of outdated medical devices, including cardiac catheterization lab systems running on Windows Server 2003. “With the level of complexity that involves managing networks with vast amounts of connected devices, it is not surprising that many of these devices have slipped through the cracks and remain vulnerable to threats such as BlueKeep,” Ragland told Threatpost. “As always, the most effective risk mitigation techniques involve turning off unnecessary services, implementing network level authentication [for RDP], blocking access to sensitive ports, and ensuring timely security updates.”

Chris Morales, head of security analytics at Vectra, cited another reason for outdated or unpatched software that is a little more concerning, because there isn’t an easy fix. “Most medical devices are not updated as they serve a specific lifesaving function,” he told Threatpost. “While an OS update might seem benign, any interruption with the functioning of a medical device could have serious implications. Now this isn’t a total excuse for not updating. Manufacturers need to update testing processes that enable [sic] a timeline for validation and updating.”

In that same vein, IoT devices are notorious for being difficult to patch. The systems built using them are designed for hospital medical staff, not maintenance. IoT devices get built for the target use case, which makes them difficult to maintain. A single doctor’s office can be using many different devices; an entire hospital – even more.

This all leads to the healthcare industry being highly targeted by cybercriminals. According to the recently published 2020 Healthcare Security Vision Report from CyberMDX, almost 30% of healthcare delivery organizations (HDOs) have experienced a data breach in the past 12 months, clearly demonstrating that the healthcare industry is struggling to address vulnerabilities and block cyberattacks.
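The mitigations quoted above (turn off unnecessary services, require Network Level Authentication for RDP, block access to the RDP port, keep security updates current) can be checked on an individual Windows host before a fleet-wide BlueKeep or DejaBlue review. The script below is an added, read-only audit example written for this page; it is not code from BlueVoyant, Threatpost or the researchers cited. It assumes it is run in an elevated PowerShell session on the host being audited, uses the standard Terminal Server registry values, the built-in "Remote Desktop" firewall rule group and Get-HotFix, and the 90-day patch-age threshold is an assumed triage value, not a figure from the post.

```powershell
# Added example (not from the BlueVoyant post): audit one Windows host's RDP
# exposure against the quoted mitigations. Read-only; nothing is changed.
# Assumes an elevated session on the host being audited.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections: 1 = RDP connections refused, 0 = allowed
$rdpDenied = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication: 1 = Network Level Authentication required before a session is created
$nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
# Listening port (3389 by default); a non-default port is not a mitigation on its own
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

$termService = Get-Service -Name TermService -ErrorAction SilentlyContinue

# Enabled inbound rules in the built-in "Remote Desktop" group mean the host
# firewall lets the RDP port through; restrict them to management networks.
$rdpFwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

$os = Get-CimInstance -ClassName Win32_OperatingSystem
# Most recent installed update as a rough "timely security updates" indicator
$lastHotfix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1

$report = [PSCustomObject]@{
    Host              = $env:COMPUTERNAME
    OperatingSystem   = $os.Caption
    OSBuild           = $os.BuildNumber
    RdpEnabled        = ($rdpDenied -eq 0)
    RdpServiceRunning = ($null -ne $termService -and $termService.Status -eq 'Running')
    NlaRequired       = ($nlaRequired -eq 1)
    RdpPort           = $rdpPort
    InboundRdpFwRules = @($rdpFwRules).Count
    LastHotfixId      = $lastHotfix.HotFixID
    LastHotfixDate    = $lastHotfix.InstalledOn
}

# Findings a SOC analyst would triage; assumed 90-day patch-age threshold
$patchAgeDays = 90
$findings = @()
if ($report.RdpEnabled -and -not $report.NlaRequired) {
    $findings += 'RDP is enabled without Network Level Authentication'
}
if (-not $report.RdpEnabled -and $report.RdpServiceRunning) {
    $findings += 'RDP connections are denied but the Remote Desktop service is still running; consider disabling it'
}
if ($report.RdpEnabled -and $report.InboundRdpFwRules -gt 0) {
    $findings += "Inbound RDP firewall rules are enabled on port $($report.RdpPort); confirm access is limited to management networks"
}
if ($report.LastHotfixDate -and $report.LastHotfixDate -lt (Get-Date).AddDays(-$patchAgeDays)) {
    $findings += "No update installed in the last $patchAgeDays days (last: $($report.LastHotfixId) on $($report.LastHotfixDate.ToShortDateString()))"
}

$report | Format-List
if ($findings.Count -eq 0) { 'No RDP findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

On a medical device that cannot be patched on a normal cadence, the useful output is the combination of RdpEnabled, NlaRequired and InboundRdpFwRules: a device that must keep RDP on for vendor support should at least report NlaRequired as True and have its inbound rules scoped to a management network, and the patch-age finding then becomes the item to track with the manufacturer rather than something to fix on the spot.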