[Credits: Photo by rawpixel.com from Pexels]
With the internet, things are moving at an alarmingly fast pace. This equates to increased attack surface and phenomenal increase in the number of vulnerabilities out there. Industries are trying to keep up. Evidently one industry which is struggling to keep the pace is Healthcare.
In the healthcare industry, the effects of an exploited vulnerability certainly can spell disaster or death. This was quite evident with the latest research from CheckPoint shared at RSAC 2019. CheckPoint research team worked with a hospital in Israel to essentially perform a pen test and discovered a vulnerable exploitable ultrasound machine. It is interesting to note that the researchers did not need to perform any reverse engineering or any special skills to hack the ultrasound machine simply because it was running Windows 2000 – an OS that has reached end-of-life and is no longer updated or maintained by Microsoft. The team simply used an exploit for a known old vulnerability to gain control of the hardware.
The researchers team was able to perform three attacks as mentioned below quite easily:
- Download all scans of patients
- Replaced the patient names in the scans
- Executed ransomware.
Given the different medical devices used in hospitals to save lives, these same devices could be circumvented by hackers for disaster.
In a pilot at one of the leading hospitals in California, ThreatWatch was able to identify a potential vulnerability to an IV Drip manager device (Alaris Systems Manager). This vulnerability [CVE-2017-5715] essentially impacted many devices with Intel and Celeron processors and was impossible to scan using traditional scanning tools.
ThreatWatch was able to assess vulnerability impact on virtual asset representation obtained from the asset inventory system of the hospital. All of this without a scan. For more details on the vulnerability, please refer link.
If you are a healthcare provider and would like to know more about ThreatWatch’s revolutionary no-scan zero touch vulnerability assessment, please contact us at info@threatwatch.io