Endpoint/Device Security, Vulnerability Management

Weaponization of healthcare product flaws examined

Forty-three of 624 security flaws identified in healthcare devices have been weaponized to impact patient care, with exploits for the weaponized vulnerabilities being available to the public or being actively exploited by threat actors, reports TechRepublic. Chinese state-backed advanced persistent threat group APT1, also known as BrownFox, has exploited four security vulnerabilities namely CVE-2015-9215, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023 found in three Oracle offerings, according to a Cyber SecurityWorks report. Healthcare product vulnerabilities have also been targeted in ransomware attacks, with the BigBossHorse ransomware leveraging a Biomerieux bug, and other ransomware actors exploiting the PrintNightmare flaw in Stryker devices. Nearly a dozen of security bugs have also been talked about by threat actors on the dark web, indicating a likelihood of exploitation. Healthcare providers have been urged by CWS to immediately patch critical flaws, consolidate Secure Access Service Edge solutions and biometrics, track electronic health record systems, and implement multi-factor authentication.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds