{"id":7352,"date":"2022-07-06T07:31:01","date_gmt":"2022-07-06T14:31:01","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7352"},"modified":"2023-04-05T12:32:29","modified_gmt":"2023-04-05T19:32:29","slug":"43-weaponized-cves-in-healthcare-products-threaten-patient-care","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/43-weaponized-cves-in-healthcare-products-threaten-patient-care\/","title":{"rendered":"43 Weaponized CVEs in Healthcare Products Threaten Patient Care"},"content":{"rendered":"
In the last few years, we have seen rising incidents targeting the Healthcare sector. From network outages to hampered monitoring, to hacked pneumatic pumps and IV infusion tubes administering fatal doses to patients, a cyber attack on the healthcare industry can have huge repercussions.<\/p>\n
<\/p>\n
CSW researchers investigated 56 vendors and 846 products overall, and identified 624 vulnerabilities across them. Here are our key findings.<\/strong><\/p>\n CSW researchers identified 624 vulnerabilities overall that could be exploited by attackers to target a healthcare facility. Of these, 43 are weaponized, 12 of them are trending in the wild, four are being exploited by Advanced Persistent Threat Groups and two are associated with ransomware.<\/p>\n<\/li>\n 8 CVEs are categorized as RCE\/PE exploits, which makes them dangerous and attractive to hackers.<\/p>\n<\/li>\n We have identified six vulnerabilities that exist in healthcare products and medical devices that could cause patient fatality and disability.<\/p>\n<\/li>\n We investigated 56 vendors and 846 products and found the highest number of vulnerabilities (64%) in software applications that are used in the healthcare industry.<\/p>\n<\/li>\n 29% of vulnerabilities identified in our study have a high chance of exploitation by hackers.<\/p>\n<\/li>\n<\/ol>\n Our researchers found that it is not just medical devices that pose a danger to the healthcare sector. Indirectly used products like software applications, firmware, hardware, and operating systems also gave rise to vulnerabilities, and compromising these could give attackers control over healthcare equipment.<\/p>\n In this blog, we dive deep into CSW\u2019s research into healthcare products, and spotlight the danger that this critical industry segment faces day after day.\u00a0<\/strong><\/p>\n CSW researchers identified 624 vulnerabilities overall that could be exploited by attackers.<\/p>\n Healthcare Vulnerability Overview<\/em><\/span><\/p>\n <\/em><\/span><\/p>\n The Dangerous Targets: <\/strong>43 weaponized vulnerabilities exist in products used day in and day out for delivering patient care. 
These vulnerabilities either have publicly available exploits or are actively targeted by threat actors, making them a danger to healthcare networks, if left unpatched.<\/p>\n <\/p>\n High Impact Targets:<\/strong> With over 50% of the vulnerabilities belonging to the high and critical severity categories, attackers have 351 different ways to enter into hospital or healthcare networks and cause maximum damage.<\/p>\n Easy Targets: <\/strong>It is also important to note that 11 low-scoring vulnerabilities exist in these products – the ones that will most likely be sidelined amongst the never-ending list of higher severity ones.<\/p>\n High Chatter: <\/strong>12 of the healthcare vulnerabilities have been observed as having high interest in the deep and dark web, with multiple posts discussing them – an indication that the vulnerability is being observed as a candidate for exploitation.<\/p>\n Attackers\u2019 Prize:<\/strong> Eight healthcare vulnerabilities fall under the RCE\/PE exploit category, implying that they can be remotely exploited to execute custom code, or easily used to elevate privileges to change the specified behavior of systems.<\/p>\n A Product Perspective:<\/strong> The whopping majority of vulnerabilities observed in our study are present in software applications regularly used in the healthcare industry. Hardware equipment takes the second spot with 30% affected products, followed by operating systems.<\/p>\n <\/p>\n Vulnerability Exploitation:<\/strong> CSW has been tracking healthcare vulnerabilities for a long time now and predicts their probability of exploitation, based on threat chatter, hacker activities, and exploits published, among a host of other parameters. 
According to our analysis, 29% of the vulnerabilities are 38 times more likely to be exploited, and this serves as a dire warning for healthcare institutions that are yet to invest in a cybersecurity strategy.<\/p>\n <\/p>\n Organizations that are unaware of the existence of such vulnerabilities in their network will remain exposed to malicious attackers. A continuous and exposure-aware attack surface management<\/a> platform can help discover such undetected attack vectors and address them in time.<\/strong><\/p>\n Six vulnerabilities in healthcare-related products have known associations with ransomware and APT groups. This translates to attackers having a tried and tested method that can create maximum disruption, thus marking them as highly dangerous.<\/p><\/blockquote>\n The products exploited by these ransomware\/APT groups are ones that hospitals worldwide would use for convenience and better diagnosis, without a second thought. Imagine the horror if a ransomware group attacks a hospital, encrypts all files, and demands a huge ransom payout. Most government healthcare institutions would not be in a position to pay the ransom, or have a backup that they can fall back on. On the other hand, an APT actor getting hold of such confidential information can serve as fodder for state-sponsored espionage activities. Our analysis associates three products as having vulnerabilities that have been previously exploited by popular threat actors, aka APT groups. Incidentally, all four vulnerabilities are present in Oracle\u2019s products; and all of these are associated with the APT1 or the BrownFox group, a Chinese-sponsored actor in existence since 2006.<\/p>\nKey Findings<\/h2>\n
\n
\nCSW\u2019s Healthcare and Medical Device\u00a0Products Investigation<\/h2>\n
\nAPT Group Associations<\/strong><\/p>\n