News & Events

Two Key Device Security Documents Hospitals Need Now

| vigilantops |

When it comes to medical device security risk, hospitals are largely in the dark. By deploying medical devices without a Software Bill of Materials (SBOM) and/or an MDS2, they have no good way to know their actual vulnerability to cyberattacks, at least not without a lot of manual effort.

In October, CISA (Cybersecurity & Infrastructure Security Agency) released a cybersecurity advisory warning of an imminent cybercrime threat to healthcare providers. Since the warning was released, there has been a wave of cyberattacks on hospitals. In October alone, attacks on hospitals increased by 71%.

Some of these recent cyberattacks have ended up as national news, with the reporting of the aftermath focused on the immediate impacts on patient safety. For example, turning away patients due to compromised systems can have an immediate impact on the probability of survival for that patient. You can refer to our recent post on the Dusseldorf Hospital fatality for details. However, there are some less obvious, and longer-term, patient health impacts of these cyberattacks.

Take, for example, the cancer center that is part of the University of Vermont Medical Center, which suffered an attack in late October. Due to the unavailability of their systems, including patient records, the clinicians were forced to turn away cancer patients. Without knowing the precise care regimen, and not wanting to try to work from memory, the clinicians really had no other good option. Not getting the needed treatments in the necessary timeframe will have an impact on a patient’s treatment outcome.

Cyberattacks targeting patient data systems, like Electronic Health Records, cause 15 days of patient data system disruption on average. In some attacks, clinicians were without system access for much longer. For example, the Universal Health Services attack, which we summarized and posted recently, left hospital crew without access to patient data for more than three weeks.

While the healthcare industry will remain a primary target for hackers, with the global pandemic confounding the ability to respond, there are some actions that hospital security can take to provide some protection. The first step is to make sure all of your systems are properly maintained and patched. Of course, with medical devices, this is not a straightforward exercise, and will require security documentation from the vendor. Specifically, the vendor should be able to provide an MDS2 (Manufacturer Disclosure Statement for Medical Device Security) along with a Software Bill of Materials (SBOM) for their devices. Sometimes vendors will make the MDS2 available on a website for download. In most cases, SBOMs have to be requested.

In addition to obtaining the proper security documentation from your medical device vendors, also remember that Vigilant Ops is here to help protect your deployed medical devices, and we are available for a free cybersecurity consultation anytime. Please reach out using any of the contact information below.

Founded in 2019, Vigilant Ops is an innovator in the medical device cybersecurity industry. Led by seasoned medical device cybersecurity experts with more than forty years of combined experience, Vigilant Ops provides medical device manufacturers and hospitals with unprecedented insight into device risk profiles, enabling proactive management of threats before they impact the quality of patient care.

For more information about Vigilant Ops or the InSight Platform, please visit our website at www.vigilant-ops.com
Or drop us an email at: [email protected]

Massive Ransomware Assault on Healthcare

| vigilantops |

CISA (Cybersecurity & Infrastructure Security Agency), the Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI) jointly released a cybersecurity advisory on October 28, 2020, warning of an imminent cybercrime threat to healthcare providers. Since the original release, the warning has been revised to include additional information. The advisory is Alert (AA20-302A).

Authorities have claimed this to be one of the most significant cybersecurity threats “…we have ever seen in the United States.” This attack represents the latest salvo against hospitals, which have been the hardest hit by ransomware attacks. In a ransomware attack, critical data is encrypted, rendering it unusable until a ransom is paid. Most hospitals are eager to get back up and running, working hard to minimize the impact to patient care, so they are sometimes more likely to pay the ransom than other targeted businesses.

Cyberattacks targeting patient data systems, like Electronic Health Records, cause 15 days of patient data system disruption on average. In some cases, clinicians were without system access for much longer. For example, the Universal Health Services attack, which we summarized and posted recently, left hospital crew without access to patient data for more than three weeks.

The cybercrime threat to healthcare providers costs our healthcare system tens of millions of dollars annually. A typical ransom could be several hundred thousand dollars, while some have been more than $5 million.

We highly recommend reviewing the published alert as it contains technical details about the threat, as well as details about how the malware replicates, including which files to be on the lookout for and various attack techniques.

In addition to the publicly available resources, Vigilant Ops is here to help protect your deployed medical devices, and we are available for a free cybersecurity consultation anytime. Please reach out using any of the contact information below.


U.S. Treasury Department Warns of Possible Violations

Paying ransomware hackers could run afoul of anti-money laundering regulations. The Financial Crimes Enforcement Network (FinCEN) issued an advisory that, depending on the circumstances, facilitating ransomware payments to cyber-criminals could constitute money transmission, thus violating anti-money laundering regulations. In addition, the Office of Foreign Assets Control (OFAC) issued an advisory that engaging in transactions, such as ransomware payments, with individuals or entities on their Specially Designated Nationals and Blocked Persons List is a sanctions violation and could result in civil penalties.

To be fair, OFAC does publish a list of sanctioned entities, and they advise victim organizations to check this list prior to paying any ransom. The challenge in this case is in the identification of the hacker organizations, whose identity is not usually known to the ransomware victims.

The two most common forms of ransomware attack are phishing emails and poorly secured Remote Desktop Protocol (RDP). The latter is especially troubling given the dramatic increase in remote workers and the resulting loss of secure control of the working environment.

It’s fairly well known that third-party software component vulnerabilities, like RDP, play a big role in enabling ransomware attacks. Organizations can, however, take some proactive steps to decrease the likelihood that they will fall victim to such attacks by implementing or maintaining processes that monitor third-party components, their vulnerabilities and available security patches.

Requesting a Software Bill of Materials (SBOM) from vendors, which is a monitored list of third-party software components utilized in their product, will provide needed transparency and will make the task of monitoring product components much more efficient. Of course, end-user training is always recommended, given that human error is still a huge contributor to unwanted access to networks and systems.


Universal Health Services (UHS) Hit by Ransomware Attack

| vigilantops |

Early on the morning of Sunday, September 27, 2020, end users at a Universal Health Services (UHS) hospital were greeted with locked phones and computer screens hijacked by ransomware. The giant hospital system has reverted to paper forms, with no electronic access to online patient data, including lab results and historical information. Healthcare workers at the hospitals were told that it would take days to get the systems back online. UHS serves millions of patients through 400 facilities in the U.S. and the U.K.

Authorities have not yet identified the source of the UHS attack; however, there are patterns emerging that suggest Ryuk ransomware, which encrypts the targeted system’s data and demands a ransom to be paid to have the data restored. The Ryuk ransom demands have ranged from around $100K to $500K.

The Ryuk ransomware is not new; it first surfaced in 2018. Since then, it has been unleashed mainly on various large organizations, a practice known as “big game hunting”. The Ryuk ransomware can infect the targeted systems in various ways, including through phishing emails or vulnerabilities in third-party components or services, such as Remote Desktop Protocol (RDP).

At this time, there is no indication that there has been any compromise to patient safety at the hospital system, but there could very well be an impact as the crisis unfolds. This is a grim reminder of the very recent Dusseldorf University Hospital incident, which we summarized in our report “Ransomware Attack Leads to Fatality”, where ransomware forced patient redirection from the impacted facility, which resulted in a fatality due to a delay in care.

While healthcare organizations are focusing on the global pandemic, they continue to be prime targets for hackers and bad actors. According to various studies, third-party software component vulnerabilities play a big role in enabling these breaches and are nearly invisible to healthcare providers, since they don’t know which components are running in which of their deployed devices.

Healthcare industry stakeholders generally agree that requiring a Software Bill of Materials (SBOM), which is a monitored list of software components utilized in a medical device, will help mitigate these security issues with third-party components. Agreement among stakeholders, however, does not necessarily translate into immediate adoption. Some of this delayed adoption is due to costs associated with generating, maintaining and sharing SBOMs and the lack of tools to help automate the process. We’re hoping to change that at Vigilant Ops, by offering our InSight Platform to enable medical device manufacturers to automatically generate, maintain and share SBOMs with their healthcare customers.


Vigilant Ops Announces Availability of InSight Platform V1 for HDOs

Healthcare Delivery Organizations Gain Visibility into Risk Profile of Deployed Medical Devices

Today, Vigilant Ops, an innovator in medical device cybersecurity, announced the immediate availability of InSight Platform V1 for Healthcare Delivery Organizations, providing HDOs with an automated solution for monitoring the health of their deployed medical devices. The InSight Platform V1 for Medical Device Manufacturers (MDMs) was released on May 11 and provided MDMs an automated solution for generating and maintaining device software bills of materials (SBoMs). With the release of the HDO functionality, these generated SBoMs can be shared with authorized HDOs directly and securely through the platform.

“The Vigilant Ops InSight Platform V1 is the only solution of its kind that brings together both the producer and the consumer of the SBoM on the same platform,” said Ken Zalevsky, CEO at Vigilant Ops and former Head of Medical Device Cybersecurity at Bayer. “Medical device manufacturers generate device SBOMs, and via secure connection, share them with authorized HDOs through the InSight Platform.”

The InSight Platform uses advanced techniques to interrogate medical devices and automatically generate bills of materials. Using artificial intelligence and machine learning, the InSight Platform continuously monitors for vulnerabilities in discovered device components, enabling HDOs and MDMs to gain visibility into the risk profile of medical devices and respond proactively to the latest discovered threats.


Ransomware Attack Leads to Fatality

| vigilantops |

Third-party software component vulnerability exploit causes treatment delay, leading to patient death

Healthcare providers have long been a favorite target for bad actors launching cyberattacks, which usually resulted in the loss of sensitive patient data. A recent cyberattack, however, has resulted in the loss of a patient’s life. On September 10, 2020, Dusseldorf University Hospital reported the first death resulting from a cyberattack. An exploit of a third-party software component vulnerability led to the death of a patient at the hospital.

Dusseldorf University Hospital’s clinical servers were hijacked by a large-scale ransomware attack, causing patients to be moved to other facilities for treatment. A critically ill woman, among those patients being relocated, died before she could be treated.

“The Dusseldorf University Clinic’s systems have been disrupted for a week. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in ‘widely used commercial add-on software’, which it didn’t identify.” [1]

This troubling report illustrates the critical condition of today’s healthcare security infrastructure, given the heavy reliance on third-party commercial software in medical systems. With no real visibility into the lifecycle of these third-party components, the risk profile of the medical systems is not easily known. The end result is that hospitals are deploying systems as “black boxes”, most of which are connected to networks and some of which come into direct contact with patients. Not knowing what is inside the systems, hospitals are at a disadvantage when it comes to reacting to vulnerability threats, and they end up spending valuable response time chasing down information from manufacturers and public data sources.

Recent developments are looking to address this visibility issue, including the introduction of a Software Bill of Materials, or SBOM. An SBOM is a list of the software components utilized in a finished product, such as a medical device. By providing this transparency, medical device manufacturers are providing a way for hospitals to respond more quickly to reported vulnerabilities.

Some hospitals have begun requesting SBOMs from device manufacturers, and there are various regulatory developments that could speed adoption. In the United States, the Food and Drug Administration (FDA) has drafted guidance recommending the utilization of an SBOM. In addition, other regulatory bodies around the globe have included reference to the SBOM in recently released documentation.

Healthcare industry stakeholders generally agree that requiring a Software Bill of Materials (SBOM) will help mitigate security issues with third-party components. From a medical device manufacturer’s perspective, the extra effort it takes to generate and maintain SBOMs for their devices can be seen as an investment in brand reputation down the road. As for hospitals, one can easily imagine purchasing processes and decisions that rely on a deeper understanding of device security, with SBOM documentation being critical to that decision making.


1. German hospital hacked, patient taken to another city dies. ABC News. https://abcnews.go.com/International/wireStory/german-hospital-hacked-patient-city-dies-73069416


Vigilant Ops
8085 Saltsburg Rd., Pittsburgh, PA 15239

Copyright © 2021 Vigilant Ops. All rights reserved.