
NHS investment

Nicolai Bezsonoff, Neustar Security Solutions: it has been a turbulent time for the NHS.

perimeter and within the network. The results revealed the exposure of a massive threat surface, including publicly accessible network admin panels, unsecure web services for patients and several devices exposed to the internet and running outdated software.

"Many healthcare organisations use single-factor authentication (1FA) for their VPN services and have instances of devices running the infamously outdated Windows XP operating system," eSentire reports. "Externally-facing vulnerabilities were discovered that exist in commonly exploited software, such as OpenSSL, Microsoft Windows Server 2003, PHP, Apache Struts, and Microsoft IIS."

The most startling observation is the mass exposure of services that require only single-factor authentication.

"Publicly exposed services with only single-factor authorisation are attractive targets for Brute Force techniques, in which a script methodically tries passwords until access is granted. They also do little to prevent unauthorised users from accessing network services with compromised credentials. Medical applications used to transmit patient records were also found transmitting patient data in clear-text, a format known to be susceptible to Man in The Middle (MiTM) sniffing, which can lead to compromised patient data.

"Like other services, the login panel for administrative access to the router was exposed to the wild. Several services were also left exposed, including MySQL, SMB v1 and Telnet. If any patient records are kept on the MySQL server, the barrier to entry for a potential hacker is greatly reduced by the database being externally exposed. SMB v1, of WannaCry infamy, is an out-of-date protocol. Telnet is a protocol that lacks encryption, allowing third parties to listen in. Any sensitive information, credentials or device services utilising Telnet can easily be intercepted or compromised."
Several more critical services were left exposed, eSentire adds, including Cisco Smart Install Protocol and MiniServ.

"These findings are consistent with what researchers and experts claim about healthcare cybersecurity - the threat surface of healthcare organisations is excessively large. Given the critical role of healthcare institutions in a nation's stability, persistent attacks on its infrastructure can weaken a nation's economic and defence posture as a whole."

"Phishing attacks through email are also often opportunistic - malicious emails are sent to thousands of email addresses, which can be obtained on the Darkweb from a curated list of potential victims. Healthcare personnel are also more likely to open a phishing email given the high number of unpredictable emails they receive in the process of ordering drugs and equipment and collaborating with healthcare networks also experience a large degree of 'Reputation Blocks', in which an organisation's security provider automatically blocks traffic from known threats.

"The weak security posture of the healthcare industry is an escalating problem. The industry's lack of cybersecurity awareness, combined with steady advances in technology (such as IoT pacemakers, life monitors and prosthetics), will continue to expand the industry's threat surface. Organisations that aren't prepared for the next big breach will have to allocate a larger share of funds to incident response, causing them to fall behind in the continuously evolving cyber-arms race."

Organisations that take preventive measures, on the other hand, will avoid the costs (and risks to their patients) of a major breach, suggests eSentire, and will be able to focus on maturing and developing cybersecurity standards that adapt to how threats continue to evolve in the wild.
eSentire proposes several technical recommendations that apply to the healthcare industry and beyond, including:

• Perform regular patch management to defend against opportunistic attackers
• Harden externally-facing servers
• Replace consumer-grade routers with professional-grade routers
• Raise staff awareness around phishing
• Monitor critical servers and Point-of-Sale (PoS) devices for indicators of compromise
• Implement 2-factor authentication, especially on critical, externally-facing services.

The above recommendations, says the report, are best facilitated by a dedicated security team. "This is particularly true in the case of healthcare, where some of the flaws in cybersecurity are related to standard business practice within the organisation and thus require nuanced solutions."

Finally, the following strategic recommendations are proposed:

• Employ a dedicated security team, including a chief security officer
• Include security assessments in decision-making when purchasing medical equipment
• Engage government and industry partners to enable information-sharing with cybersecurity professionals abroad.

10 computing security Jan/Feb 2018 @CSMagAndAwards www.computingsecurity.co.uk
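The brute-force pattern eSentire describes against single-factor services, and the recommendation to monitor for indicators of compromise, can be turned into a simple detection rule. The sketch below is an added example, not taken from the eSentire report or the magazine; the log format, host name, user names and thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "result= user= src=" format.
# Source addresses are from the documentation ranges.
SAMPLE_LOG = """\
2018-01-15T09:00:05 vpn-gw result=FAIL user=jsmith src=198.51.100.20
2018-01-15T09:00:20 vpn-gw result=FAIL user=jsmith src=198.51.100.20
2018-01-15T09:00:40 vpn-gw result=OK user=jsmith src=198.51.100.20
2018-01-15T09:01:00 vpn-gw result=FAIL user=admin src=203.0.113.7
2018-01-15T09:01:02 vpn-gw result=FAIL user=admin src=203.0.113.7
2018-01-15T09:01:04 vpn-gw result=FAIL user=admin src=203.0.113.7
2018-01-15T09:01:06 vpn-gw result=FAIL user=admin src=203.0.113.7
2018-01-15T09:01:08 vpn-gw result=FAIL user=admin src=203.0.113.7
2018-01-15T09:01:10 vpn-gw result=OK user=admin src=203.0.113.7
"""

LINE_RE = re.compile(r"^(\S+) \S+ result=(OK|FAIL) user=(\S+) src=(\S+)$")

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logins inside the window.

    Returns {src: {"burst": True, "breached": [users]}}; "breached" lists
    accounts that logged in successfully from a source after it was flagged,
    i.e. the point where single-factor authentication has likely been beaten.
    """
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts = datetime.fromisoformat(m.group(1))
        result, user, src = m.group(2), m.group(3), m.group(4)
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()  # slide the window forward
        if result == "FAIL":
            failures.append(ts)
            if len(failures) >= threshold:
                findings.setdefault(src, {"burst": True, "breached": []})
        elif src in findings and user not in findings[src]["breached"]:
            findings[src]["breached"].append(user)
    return findings

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

A user who mistypes a password twice and then logs in is not flagged at the default threshold, while a slow attempt spread over many minutes also stays under it, which is one reason the report pairs monitoring with 2-factor authentication.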
