Category Archives: Healthcare industry

Another alert in the medical industry (ZOLL Defibrillator Dashboard design weakness) 15th Jun 2021

Preface: A defibrillator is a device that gives a high energy electric shock to the heart of someone who is in cardiac arrest.

What is the Defibrillator Dashboard? It is a web-based application that users log in to. The dashboard is used to monitor the functions of the defibrillators.

Vulnerability details: The U.S. Department of Homeland Security urges the medical industry to be vigilant about design weaknesses in ZOLL products (defibrillator dashboards). The official article can be found at the following URL – https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01

Security Focus: According to the attached diagram, CVE-2021-27489 carries critical risk. Medical environments, especially hospitals, install medical equipment in a separate network. To guard against unknown cyber attacks, such a setup most likely does not provide internet access. Even so, disabling internet access on the workstation may not be enough to stop cyber criminals from exploiting the vulnerability in this product. The hospital should set up alerts (correlation firing rules) in its SIEM so that a connection from an anonymous (unidentified) host is monitored, because that host might be capable of acting as a gateway and let the vulnerable product become a victim.
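One way to express the correlation rule described above, as an added example that is not from ZOLL, CISA or the original post: it flags hosts missing from the asset inventory that connect to the dashboard, and raises the severity when the same host also talks outside the segregated network (the gateway case). The addresses, the inventory and the flow-record format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values, constructed for this example (not taken from the advisory).
DASHBOARD_IP = "10.20.0.10"                         # dashboard server
MEDICAL_NET = ipaddress.ip_network("10.20.0.0/24")  # segregated medical segment
KNOWN_HOSTS = {"10.20.0.21", "10.20.0.22"}          # asset inventory for the segment

# Constructed flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2021-06-15T09:00:01 10.20.0.21 10.20.0.10 443
2021-06-15T09:02:13 10.20.0.77 10.20.0.10 443
2021-06-15T09:02:40 10.20.0.77 198.51.100.8 443
2021-06-15T09:05:00 10.20.0.22 10.20.0.10 443
2021-06-15T09:06:30 10.20.0.88 10.20.0.10 443
"""

def parse(flows_text):
    """Yield (src, dst) address pairs, skipping malformed records."""
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield str(ipaddress.ip_address(parts[1])), ipaddress.ip_address(parts[2])
        except ValueError:
            continue

def correlate(flows_text):
    """Return {host: severity} for unknown hosts that reached the dashboard."""
    touched_dashboard = set()
    external_peers = defaultdict(set)
    for src, dst in parse(flows_text):
        if src in KNOWN_HOSTS:
            continue                      # inventoried asset, nothing to correlate
        if str(dst) == DASHBOARD_IP:
            touched_dashboard.add(src)    # rule 1: unknown host reaches the dashboard
        elif dst not in MEDICAL_NET:
            external_peers[src].add(str(dst))  # rule 2: same host talks off-segment
    # An unknown host matching both rules can relay traffic like a gateway.
    return {h: "critical" if external_peers.get(h) else "warning"
            for h in sorted(touched_dashboard)}

if __name__ == "__main__":
    for host, severity in correlate(SAMPLE_FLOWS).items():
        print(severity, host)
```
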

Workaround: If it is urgent to use the monitoring function remotely, it is highly recommended to use a VPN. For detailed information about protection, please refer to the CISA article.

Kwampirs Targeted Attacks Involving Healthcare Sector – (31st Mar 2020)

Preface: Orangeworm is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015.

Synopsis: Why does Kwampirs fall into the “Advanced Persistent Threat (APT)” category?

  • Traditional malware relies on “click and action” attacks. An APT attack does not behave this way. Instead, the APT merely infiltrates the network and communicates with its C&C peer daily, asking for updates.
  • APT malware rarely takes destructive action, especially encrypting data and asking the victim to pay a ransom.

About Kwampirs: The FBI alerts that the goal of Kwampirs is to implant a remote-access Trojan (RAT). Its targets include organizations that run industrial control systems (ICS), financial services firms, energy companies and healthcare institutions. As a matter of fact, Kwampirs was used by the Orangeworm group as a backdoor Trojan. In the past it has been found on machines that had software installed for the use and control of high-tech imaging devices such as X-ray and MRI machines. So it is not surprising to cyber security gurus that it has returned to the healthcare industry.

How did Kwampirs infiltrate my computer? There are several ways to distribute Kwampirs, for instance email campaigns, fake software updates, untrustworthy third-party software download channels and unofficial software activation tools. So relying only on YARA rules in an IDS is not an effective solution to avoid this attack. Observation shows that the internal access control of third-party devices is one of the effective channels.

If you are interested in this matter, please refer to the URL – https://www.infragard-la.org/wp-content/uploads/2020/02/FLASH-CP-000118-MW-TLP-GREEN-YARA-Rules-to-Identify-Kwampirs-Malware-Employed-in-Ongoing-Cyber-Supply-Chain-Campaign-Targeting-Global-Industries.pdf

By the way, we hope that the coronavirus will disappear from the world as soon as possible.

Dejablue vulnerability – Impact on Siemens Health Products (10th Sep 2019)

Preface: For healthcare, cyber attacks can have ramifications beyond financial loss and breach of privacy.

Background: The DejaBlue vulnerabilities are in the early stages of the RDP connection. The flaws precede the authentication phase, so there is no need for passwords or keys to breach the system, and they can eventually lead to remote code execution.

The DejaBlue vulnerability triggered a medical device manufacturer alert! People rely on doctors to perform surgery to remedy weaknesses in their health. But the medical industry itself also requires a cyber security doctor to remedy its product design weaknesses. It is fair. Siemens pioneered the first computed tomography scanner in the 70’s. In 1980 it was the first manufacturer to make the magnetic resonance imaging (MRI) scanner. Today, their designs are integrated with computing technology, and therefore the zero-days and vulnerabilities that occur in the cyber world become their pain!

Official announcement: SSA-187667: DejaBlue Vulnerabilities – Siemens Healthineers Products – https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf

Rampant cyber attacks – Is the healthcare industry suitable for using open source software?

Preface: We live in a world that is more and more vulnerable to hackers or data breaches.

Strategy Challenge: With regard to data privacy, security matters when choosing a new software system today. Can we choose open source software to deploy in medical or healthcare areas? If it is possible to use, which open source software is better?

Healthcare Cybersecurity Trends – 2019 – The National Association of County and City Health Officials says that healthcare breaches can cost up to $400 a patient. Apart from the different laws and regulations of each country, a major reform of the European data protection framework established the GDPR. The GDPR introduces an obligation on data controllers to report breaches of patients’ health records to the data protection authority within 72 hours of becoming aware of the incident. A personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The maximum administrative fine contemplated by the GDPR is 20 million (Euro) or 4% of a company’s annual revenue. As the above regulations and penalties are mandatory, the related industry has defined a road map from the data governance perspective. The concept is shown below:

Can I use open source software for healthcare operations?

Quote: “Absolutely. All Open Source software can be used for commercial purpose; the Open Source Definition guarantees this. You can even sell Open Source software. However, note that commercial is not the same as proprietary.” said opensource.org

How about vulnerability management? As a matter of fact, it is rare for the healthcare industry to make use of open source software directly. In some circumstances, a third-party vendor will customize its solution and thereby integrate the business function with open source software. The example below provides the details.

OpenEMR is the most popular open source electronic health records and medical practice management solution. OpenEMR is an ONC Certified HIT 2014 Edition Complete EHR product. Although it is open source software, it is still a computer product, and vulnerabilities are hard to avoid. The vulnerabilities occur in two different functions (see below). An attacker can exploit these vulnerabilities by SQL injection. Since this is SQL injection, it might involve data privacy. Following up on the response from the vendor side, we found that corrective action took place and the remediation was done. The response time is perhaps not easy to rate because of the Common Vulnerabilities and Exposures reporting criteria and procedure. However, these limitations are not limited to open source software vendors. Even so, the vulnerability management does not differ in any major way. OpenEMR issued the remedy in Aug 2018.

OpenEMR has released software updates at the following link: OpenEMR 5.0.1 Patch 7

The moment of truth: A decade ago, if you asked an enterprise firm's CTO whether they were willing to use open source software, you would receive a standard answer: it is not possible! But maybe we are not aware that open source software has actually been living with us for a long time. PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

Summary: As a matter of fact, a cyber attack is not based merely on a single element or component. To avoid attack, even if you are not using open source software, you have to enhance your detective and preventive controls. Therefore, if you would like to deploy a healthcare application system with open source software, you have to fulfill the requirements below.

  • Software and Patch Management
  • Log Management
  • Network Segmentation
  • Block Suspicious Activity
  • Credential Management
  • Establish a Baseline for Host and Network Activity
  • Organization-Wide IT Guidance and Policies
