Exposed devices and supply chain attacks: Overlooked risks in healthcare networks

April 12, 2018

Healthcare systems were held hostage by WannaCry in May 2017. The ransomware attack painted a vivid picture of what a digital-borne threat can do to paralyze real-world processes, including actual hospital procedures such as life-saving surgeries. This IT security nightmare prompted discussions specific to the problem of securing connected hospitals. While patients get better and more efficient services when healthcare facilities adopt new technologies, add smart devices, and embrace new partnerships, the digital attack surface becomes broader as well.

To shed light on healthcare network risks that are not getting enough attention, Trend Micro partnered with HITRUST for the research paper Securing Connected Hospitals. Trend Micro Forward-Looking threat researchers explored two aspects: Exposed connected medical systems and devices, and supply chain cyberthreats.

The previous studies regarding exposed devices in internet of things (IoT) or industrial internet of things (IIoT) environments in different states and sectors in the United States, and subsequently in different countries in Western Europe, were a wakeup call for organizations who are not sufficiently securing connected printers, webcams, databases, and even ports. The risk is much more nuanced in the healthcare industry.

It was discovered that exposed medical systems—including those that store medical-related images, healthcare software interfaces, and even misconfigured hospital networks—which should not be viewable publicly. While a device or system being exposed does not necessarily mean that it is vulnerable, exposed devices and systems can potentially be used by cybercriminals and other threat actors to penetrate into organizations, steal data, run botnets, install ransomware, and so on. Furthermore, it shows that a massive amount of sensitive information is publicly available when they shouldn’t be.

Supply chain threats, likewise, are potential risks associated with suppliers of goods and services to healthcare organizations: A perpetrator can exfiltrate confidential/sensitive information, introduce an unwanted function or design, disrupt daily operations, manipulate data, install malicious software, introduce counterfeit devices, and affect business continuity. The healthcare industry is more dependent than ever on cloud-based systems, third-party service providers, and vendors in the supply chain. With that in mind, Trend Micro and HITRUST examined the different entry points that can render a network susceptible to a supply chain attack, and the different kinds of attacks that can be deployed by cybercriminals.

After identifying exposure and supply chain risks, they performed a DREAD threat modeling exercise on healthcare networks in order to understand where, among various threats, the greatest risk lies.

Through this research, Trend Micro and HITRUST sought to arm healthcare IT security teams with a broader perspective about the kinds of threats that they should defend their networks against.

Trend Micro has the full release and report

Sponsored Recommendations

Elevating Clinical Performance and Financial Outcomes with Virtual Care Management

Transform healthcare delivery with Virtual Care Management (VCM) solutions, enabling proactive, continuous patient engagement to close care gaps, improve outcomes, and boost operational...

Examining AI Adoption + ROI in Healthcare Payments

Maximize healthcare payments with AI - today + tomorrow

Addressing Revenue Leakage in Hospitals

Learn how ReadySet Surgical helps hospitals stop the loss of earned money because of billing inefficiencies, processing and coding of surgical instruments. And helps reduce surgical...

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...