Home Blog BlueKeep Posing a Risk to Healthcare BlueKeep Posing a Risk to Healthcare BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. The healthcare industry continues to adopt new technologies to improve efficiency and cut costs. In many cases, these new technologies have been added to infrastructure, processes, and software from a different era, introducing new vulnerabilities. Researchers found 22% of a typical hospital’s Windows devices were vulnerable to BlueKeep. Even worse, 45% of connected medical devices running Windows are vulnerable to BlueKeep. Vulnerable medical devices can include MRIs, ultrasounds, X-rays, and more. Many run on Windows, allowing their operators to more easily collect and upload data. Beyond BlueKeep, outdated Windows versions are also exposing medical devices to other vulnerabilities. For instance, up to 11% of connected medical devices are exposed to DejaBlue, a set of RDP flaws affecting Windows 7, Windows 8.1, and Windows 10 (as well as Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019). Although these numbers seem alarming, they aren’t surprising. Charles Ragland is a security engineer at Digital Shadows. He has worked in emergency rooms and on ambulances for 10 years. During that time, he witnessed a number of outdated medical devices including cardiac catheterization lab systems running on Windows Server 2003. “With the level of complexity that involves managing networks with vast amounts of connected devices, it is not surprising that many of these devices have slipped through the cracks and remain vulnerable to threats such as BlueKeep,” Ragland told Threatpost. “As always, the most effective risk mitigation techniques involve turning off unnecessary services, implementing network level authentication [for RDP], blocking access to sensitive ports, and ensuring timely security updates.” Chris Morales, head of security analytics at Vectra, cited another reason for outdated or unpatched software that is a little more concerning, because there isn’t an easy fix. “Most medical devices are not updated as they serve a specific lifesaving function,” he told Threatpost. “While an OS update might seem benign, any interruption with the functioning of a medical device could have serious implications. Now this isn’t a total excuse for not updating. Manufacturers need to update testing processes that enable [sic] a timeline for validation and updating.” In that same vein, IoT devices are notorious for being difficult to patch. The systems built using them are designed for hospital medical staff, not maintenance. IoT devices get built for the target use case, which makes them difficult to maintain. A single doctors’ office can be using many different devices; an entire hospital – even more. This all leads to the healthcare industry being highly targeted by cybercriminals. According to the recently published 2020 Healthcare Security Vision Report from CyberMDX, almost 30% of healthcare delivery organizations (HDOs) have experienced a data breach in the past 12 months, clearly demonstrating the healthcare industry is struggling to address vulnerabilities and block cyberattacks. Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
BlueVoyant Share: Facebook Twitter LinkedIn “Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities. The healthcare industry continues to adopt new technologies to improve efficiency and cut costs. In many cases, these new technologies have been added to infrastructure, processes, and software from a different era, introducing new vulnerabilities. Researchers found 22% of a typical hospital’s Windows devices were vulnerable to BlueKeep. Even worse, 45% of connected medical devices running Windows are vulnerable to BlueKeep. Vulnerable medical devices can include MRIs, ultrasounds, X-rays, and more. Many run on Windows, allowing their operators to more easily collect and upload data. Beyond BlueKeep, outdated Windows versions are also exposing medical devices to other vulnerabilities. For instance, up to 11% of connected medical devices are exposed to DejaBlue, a set of RDP flaws affecting Windows 7, Windows 8.1, and Windows 10 (as well as Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019). Although these numbers seem alarming, they aren’t surprising. Charles Ragland is a security engineer at Digital Shadows. He has worked in emergency rooms and on ambulances for 10 years. During that time, he witnessed a number of outdated medical devices including cardiac catheterization lab systems running on Windows Server 2003. “With the level of complexity that involves managing networks with vast amounts of connected devices, it is not surprising that many of these devices have slipped through the cracks and remain vulnerable to threats such as BlueKeep,” Ragland told Threatpost. “As always, the most effective risk mitigation techniques involve turning off unnecessary services, implementing network level authentication [for RDP], blocking access to sensitive ports, and ensuring timely security updates.” Chris Morales, head of security analytics at Vectra, cited another reason for outdated or unpatched software that is a little more concerning, because there isn’t an easy fix. “Most medical devices are not updated as they serve a specific lifesaving function,” he told Threatpost. “While an OS update might seem benign, any interruption with the functioning of a medical device could have serious implications. Now this isn’t a total excuse for not updating. Manufacturers need to update testing processes that enable [sic] a timeline for validation and updating.” In that same vein, IoT devices are notorious for being difficult to patch. The systems built using them are designed for hospital medical staff, not maintenance. IoT devices get built for the target use case, which makes them difficult to maintain. A single doctors’ office can be using many different devices; an entire hospital – even more. This all leads to the healthcare industry being highly targeted by cybercriminals. According to the recently published 2020 Healthcare Security Vision Report from CyberMDX, almost 30% of healthcare delivery organizations (HDOs) have experienced a data breach in the past 12 months, clearly demonstrating the healthcare industry is struggling to address vulnerabilities and block cyberattacks. Share: Facebook Twitter LinkedIn Related reading Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
Why Bluevoyant BlueVoyant – Microsoft Security Consulting Potential Career Paths November 29, 2021 BlueVoyant is always looking for people who are flexible, willing to tackle new technologies, explore, get their hands on the latest cybersecurity tools,… Read more
Malware AnchorDNS Comes Ashore: Evolutions in the TTPs of TrickBot November 12, 2021 Using our knowledge of AnchorDNS-now-Stickseed, BlueVoyant Third-Party Risk and Managed Security Services were able to identify a Stickseed attack in the… Read more
Identifying Threats Pivoting on Compliance Efforts Under CMMC 2.0 November 9, 2021 The U.S. government released CMMC 2.0 on November 4, or less than one week ago. This brief summarizes what we currently know, key points that still need to… Read more
