
Top Healthcare Cyber Threats, Vulnerabilities To Watch For

HC3’s monthly bulletin identified BrakTooth, Conti Ransomware, and Medusa/Tanglebot as some of the most notable current healthcare cyber threats and vulnerabilities.

The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center (HC3) used its monthly bulletin to alert the healthcare sector to the top cyber threats and vulnerabilities it should currently watch for. The BrakTooth vulnerabilities, the Conti ransomware group, and the Medusa/TangleBot malware continue to pose significant threats to healthcare organizations, HC3 said.

The BrakTooth family of vulnerabilities affects Bluetooth-enabled devices and was first disclosed by the ASSET Research Group in August. The vulnerabilities allow attackers to mount denial-of-service (DoS) attacks against laptops, smartphones, and other Bluetooth devices.

Preliminary findings indicated that the BrakTooth vulnerabilities could affect more than 1,400 product listings. The flaws pose a significant threat to the healthcare sector because the DoS attacks they enable can crash device firmware and disable Bluetooth connectivity. HC3 recommended that healthcare organizations reach out to Information Sharing and Analysis Organizations (ISAOs) for assistance.

Conti ransomware is a known threat to the healthcare sector. In February, Conti released two healthcare data dumps on the dark web, and the group has since attacked multiple healthcare institutions and carried out 400 cyberattacks in total across the US and internationally. The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) released a joint advisory warning organizations of the group's capabilities.

Medusa/TangleBot malware also continues to threaten healthcare organizations. Its operators spread it via SMS, targeting Android users with COVID-19-themed messages that contain malicious links. When a link is clicked, the malware is installed and begins collecting data; it can access the victim's internet activity, GPS location, and call logs.

“This is concerning if someone in the Healthcare industry’s mobile work device is compromised because once the malware is installed onto a device it can be difficult to detect and remove,” the bulletin explained.

“Currently, warning messages from Android appear to be the best option available to protect mobile devices from infection. HC3 recommends ensuring enterprise Android device users are made aware of this threat and that everyone only clicks links or downloads applications (apps) that are reputable.”

HC3 also urged the healthcare industry to harden virtual private network (VPN) services, as VPNs are frequently used as entry points into protected networks. The healthcare sector relies on VPN technology for telemedicine and for patient access to health records. The NSA and CISA released a joint information sheet to help organizations manage VPN risk.

Additionally, a new bug in Microsoft's Azure Active Directory implementation poses risks to the healthcare industry: it enables single-factor brute-forcing of an Active Directory instance without requiring authentication, so an attacker needs no valid credentials to start guessing passwords. There is currently no patch for this vulnerability.

“This vulnerability is expected to impact the health sector due to the fact that Microsoft Active Directory technology is ubiquitous and, as such, is heavily utilized,” HC3 warned.

“The nature of this vulnerability allows for compromise with minimal possibility of detection and the lack of a patch makes it further challenging, leaving administrators and network defenders with minimal visibility into an attacker's actions.”

HC3 identified additional Microsoft, Adobe, Cisco, Apple, and Google vulnerabilities, some of which have since been patched. As cyberattacks continue, it is more crucial than ever that healthcare organizations remain vigilant against the sector’s top cyber threats.
