Weaponization of healthcare product flaws examined
Forty-three of 624 security flaws identified in healthcare devices have been weaponized to impact patient care, with exploits for the weaponized vulnerabilities either available to the public or actively used by threat actors, reports TechRepublic.
Chinese state-backed advanced persistent threat group APT1, also known as BrownFox, has exploited four security vulnerabilities, namely CVE-2015-9215, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023, found in three Oracle offerings, according to a Cyber Security Works report. Healthcare product vulnerabilities have also been targeted in ransomware attacks, with the BigBossHorse ransomware leveraging a Biomerieux bug, and other ransomware actors exploiting the PrintNightmare flaw in Stryker devices.
Nearly a dozen security bugs have also been discussed by threat actors on the dark web, indicating a likelihood of exploitation.
Healthcare providers have been urged by CSW to immediately patch critical flaws, consolidate Secure Access Service Edge solutions and biometrics, track electronic health record systems, and implement multi-factor authentication.