- Global Call to Action: The United Nations urges international cooperation to protect healthcare infrastructure from rising cyber threats.
- Critical Insights from Trustwave SpiderLabs: Discover key findings from real-world Red Team exercises revealing vulnerabilities in healthcare security.
- Healthcare Under Siege: Learn how ransomware attacks target hospitals, jeopardizing patient safety and compromising sensitive medical data.
The threat facing healthcare organizations worldwide is being recognized at the highest level, with the United Nations calling for international cooperation to combat the issue.
The international organization has asked its members to support fellow member nations by providing technical assistance and guidelines to bolster the resilience of health infrastructure against attack.
The threat facing the healthcare industry has been tracked and researched for the last several years by Trustwave SpiderLabs, with its most recent reports just being released:
Tedros Adhanom Ghebreyesus, World Health Organization General Director, emphasized the severe impact of cyberattacks on hospitals and healthcare services, calling for urgent and collective global action to address this growing crisis.
“Ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality; they can be issues of life and death”, he said. At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend, and even cause patient harm and death”.
The digital transformation of healthcare, combined with the high value of health data, has made the sector a prime target for cybercriminals, Tedros and SpiderLabs noted.
Trustwave SpiderLabs in its recent report Healthcare Sector Deep Dive: Ransomware Trends and Impact, brought to life exactly how an adversary could gain a dangerous level of access to a healthcare organization. This information was generated during a real-life Red Team exercise with a Trustwave client.
The weeks-long exercise was conducted against what SpiderLabs described as a well-managed security environment and focused specifically on achieving privilege escalation or abusing user privileges to attempt further exploitation of the environment.
While the organization did have security tooling, Trustwave SpiderLabs observed a high dependency on Application Control, which is not uncommon. For the duration of the operation, SpiderLabs obtained a high level of privilege in a brief period.
Trustwave SpiderLabs identified several issues related to the company’s Virtual Desktop Infrastructure (VDI) instance, which allowed arbitrary code execution and the means to establish a foothold within the company’s network. However, even though Trustwave SpiderLabs was allowed to pivot – eventually achieving Domain Administrator privileges, there are multiple aspects in which SpiderLabs would have been caught at the start of the exploitation event, and the instance of exploitation would have been remediated.
Trustwave SpiderLabs was able to access a wide range of files and backups and prove the ability to worm ransomware. Again, this was only possible in the light of the client working with Trustwave SpiderLabs to highlight the detection events and allow the team to continue.
Summary of Key Red Team Findings:
- Credential Mismanagement: Weak password policies, credential reuse, and exposed accounts with low-security measures were identified across various systems, enabling privilege escalation and lateral movement.
- Vulnerability in Sensitive Systems: Critical systems, including medical devices, shared drives, and web applications, were found to be improperly secured, exposing PHI, PII, and internal credentials to unauthorized access.
- Privilege Escalation: The ability to escalate privileges within the network and to Domain Admin levels was demonstrated. This provides attackers with the potential for broad access across the entire environment.
- Misconfiguration in Network Segmentation: Vulnerabilities in the segmentation of sensitive areas, such as patient rooms and camera systems, were found, leaving them exposed to lateral movement and exploitation.
The recent reports from Trustwave SpiderLabs provide invaluable insights into the vulnerabilities that attackers exploit, offering a roadmap for proactive security measures.
With international cooperation and a collective commitment to cybersecurity, the healthcare industry can better safeguard its systems, protect sensitive data, and ensure the uninterrupted delivery of critical care services. The call to action is clear: the time for robust cybersecurity investment and collaboration is now.
