Tech & Innovation in Healthcare

Reader Question:

HC3 Warns Against Cybersecurity Software Tool Vulnerabilities

Question: Our IT team is planning a simulated cybersecurity attack on our network to assess the vulnerabilities and risk. Even though I know the attack is only a drill, I can’t help but wonder if outside threats could take control of the technology.

Are software tools possible targets for threat actors?

Pennsylvania Subscriber

Answer: Yes, software tools are possible targets. Malicious actors have the skill and knowledge to turn legitimate software tools against healthcare organizations and their networks.

In a brief issued Oct. 6, 2022, the U.S. Department of Health & Human Services (HHS) Health Sector Cybersecurity Coordination Council (HC3) warned against threat actors using legitimate cybersecurity tools against healthcare organizations.

Some of the tools listed in the brief by HC3 include:

  • Cobalt Strike
  • PowerShell
  • Sysinternals
  • Brute Ratel
  • AnyDesk

While essential to healthcare systems and networks, each tool “should be evaluated based on its own merits and drawbacks,” HC3 stated in the brief. The tools listed can offer real value to healthcare organizations, so each organization needs to take proper precautions and weigh the benefits and risks of using them accordingly. The agency didn’t take a stance on the tools’ legitimate use, but did note that “the same tools used to operate, maintain, and secure healthcare systems and networks can also be turned against their own infrastructure.”

For example, Cobalt Strike is a red-team framework used to emulate real-world attack scenarios. Threat actors, such as RYUK and FIN12, have abused the tool since its creation a decade ago. Many industries use Cobalt Strike for risk and vulnerability assessments, including the healthcare and public health (HPH) sector.

Many cybercriminal actors who primarily focus on the HPH sector exploit Cobalt Strike to carry out their attacks. Two groups of actors that leverage Cobalt Strike are ransomware operators and advanced persistent threats (APTs).