Category

News & Events

Massive Ransomware Assault on Healthcare

| vigilantops |

The Cybersecurity & Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI) jointly released a cybersecurity advisory on October 28, 2020 warning of an imminent cybercrime threat to healthcare providers. Since the original release, the warning has been revised to include additional information. The advisory, Alert (AA20-302A), can be found here.

Authorities have claimed this to be one of the most significant cybersecurity threats “…we have ever seen in the United States.” This attack represents the latest salvo against hospitals, which have been the hardest hit by ransomware attacks. In a ransomware attack, critical data is encrypted, rendering it unusable until a ransom is paid. Most hospitals are eager to get back up and running and work hard to minimize the impact on patient care, so they are sometimes more likely to pay the ransom than other targeted businesses.

Cyber attacks targeting patient data systems, like Electronic Health Records, cause 15 days of patient data system disruption on average. In some cases, clinicians were without system access for much longer. For example, the Universal Health Services attack, which we summarized and posted recently, left hospital staff without access to patient data for more than three weeks.

The cybercrime threat to healthcare providers costs our healthcare system tens of millions of dollars annually. A typical ransom could be several hundred thousand dollars, while some have been more than $5 million.

We highly recommend reviewing the published alert as it contains technical details about the threat, as well as details about how the malware replicates, including which files to be on the lookout for and various attack techniques.

In addition to the publicly available resources, Vigilant Ops is here to help protect your deployed medical devices, and we are available for a free cybersecurity consultation anytime. Please reach out using any of the contact information below.

Founded in 2019, Vigilant Ops is an innovator in the medical device cybersecurity industry. Led by seasoned medical device cybersecurity experts with more than forty years of combined experience, Vigilant Ops provides medical device manufacturers and hospitals with unprecedented insight into device risk profiles, enabling proactive management of threats before they impact the quality of patient care.

For more information about Vigilant Ops or the InSight Platform, please visit our website at www.vigilant-ops.com
Or drop us an email at: [email protected]

U.S. Treasury Department Warns of Possible Violations

| vigilantops |

Paying ransomware hackers could run afoul of anti-money laundering regulations. The Financial Crimes Enforcement Network (FinCEN) issued an advisory that, depending on the circumstances, facilitating ransomware payments to cyber-criminals could constitute money transmission, thus violating anti-money laundering regulations. In addition, the Office of Foreign Assets Control (OFAC) issued an advisory that engaging in transactions, such as ransomware payments, with individuals or entities on their Specially Designated Nationals and Blocked Persons List is a sanctions violation and could result in civil penalties.

To be fair, OFAC does publish a list of sanctioned entities, and they advise victim organizations to check this list prior to paying any ransom. The challenge in this case is in the identification of the hacker organizations, whose identity is not usually known to the ransomware victims.

The two most common delivery routes for ransomware attacks are phishing emails and poorly secured Remote Desktop Protocol (RDP). The latter is especially troubling given the dramatic increase in remote workers and the resulting loss of secure control of the working environment.

It’s fairly well known that third-party software component vulnerabilities, like RDP, play a big role in enabling ransomware attacks. Organizations can take some proactive steps to decrease the likelihood that they will fall victim to such attacks by implementing or maintaining processes that monitor third-party components, their vulnerabilities and available security patches.

Requesting from vendors a Software Bill of Materials (SBOM), which is a monitored list of third-party software components utilized in their product, will provide needed transparency and will make the task of monitoring product components much more efficient. Of course, end-user training is always recommended, given that human error is still a huge contributor in facilitating unwanted access to networks and systems.


Universal Health Services (UHS) Hit by Ransomware Attack

| vigilantops |

Early on the morning of Sunday, September 27, 2020, end users at a Universal Health Services (UHS) hospital were greeted with locked phones and computer screens hijacked by ransomware. The giant hospital system has reverted to paper forms, with no electronic access to online patient data, including lab results and historical information. Healthcare workers at the hospitals were told that it would take days to get the systems back online. UHS serves millions of patients through 400 facilities in the U.S. and the U.K.

Authorities have not yet identified the source of the UHS attack. However, there are patterns emerging that suggest Ryuk ransomware, which encrypts the targeted system’s data and demands a ransom to be paid to have the data restored. The Ryuk ransom demands have ranged from around $100K to $500K.

The Ryuk ransomware is not new; it first surfaced in 2018. Since then, it has been unleashed mainly on various large organizations, a practice known as “big game hunting”. The Ryuk ransomware can infect the targeted systems in various ways, including through phishing emails or vulnerabilities in third-party components or services, such as Remote Desktop Protocol (RDP).

At this time, there is no indication that there has been any compromise to patient safety at the hospital system, but there could very well be an impact as the crisis unfolds. This is a grim reminder of the very recent Dusseldorf University Hospital incident, which we summarized in our report “Ransomware Attack Leads to Fatality”, where ransomware forced patient redirection from the impacted facility, which resulted in a fatality due to a delay in care.

While healthcare organizations are focusing on the global pandemic, they continue to be prime targets for hackers and bad actors. According to various studies, third-party software component vulnerabilities play a big role in enabling these breaches and are nearly invisible to healthcare providers, since they don’t know which components are running in which of their deployed devices.

Healthcare industry stakeholders generally agree that requiring a Software Bill of Materials (SBOM), which is a monitored list of software components utilized in a medical device, will help mitigate these security issues with third-party components. Agreement among stakeholders, however, does not necessarily translate into immediate adoption. Some of this delayed adoption is due to costs associated with generating, maintaining and sharing SBOMs and the lack of tools to help automate the process. We’re hoping to change that at Vigilant Ops, by offering our InSight Platform to enable medical device manufacturers to automatically generate, maintain and share SBOMs with their healthcare customers.


Vigilant Ops Announces Availability of InSight Platform V1 for HDOs

| vigilantops |

Healthcare Delivery Organizations Gain Visibility into Risk Profile of Deployed Medical Devices

Today, Vigilant Ops, an innovator in medical device cybersecurity, announced the immediate availability of InSight Platform V1 for Healthcare Delivery Organizations, providing HDOs with an automated solution for monitoring the health of their deployed medical devices. The InSight Platform V1 for Medical Device Manufacturers (MDMs) was released on May 11 and provided MDMs an automated solution for generating and maintaining device software bills of materials (SBoMs). With the release of the HDO functionality, these generated SBoMs can be shared with authorized HDOs directly and securely through the platform.

“The Vigilant Ops InSight Platform V1 is the only solution of its kind that brings together both the producer and the consumer of the SBoM on the same platform,” said Ken Zalevsky, CEO at Vigilant Ops and former Head of Medical Device Cybersecurity at Bayer. “Medical device manufacturers generate device SBOMs, and via secure connection, share them with authorized HDOs through the InSight Platform.”

The InSight Platform uses advanced techniques to interrogate medical devices and automatically generate bills of materials. Using artificial intelligence and machine learning, the InSight Platform continuously monitors for vulnerabilities in discovered device components. This enables HDOs and MDMs to gain visibility into the risk profile of medical devices and respond proactively to the latest discovered threats.


Ransomware Attack Leads to Fatality

| vigilantops |

Third-party software component vulnerability exploit causes treatment delay, leading to patient death

Healthcare providers have long been a favorite target for bad actors launching cyberattacks, which usually resulted in the loss of sensitive patient data. A recent cyberattack, however, has resulted in the loss of a patient’s life. On September 10, 2020, Dusseldorf University Hospital reported the first death resulting from a cyberattack. An exploit of a third-party software component vulnerability led to the death of a patient at the hospital.

Dusseldorf University Hospital’s clinical servers were hijacked by a large-scale ransomware attack, causing patients to be moved to other facilities for treatment. A critically ill woman, among those patients being relocated, died before she could be treated.

“The Dusseldorf University Clinic’s systems have been disrupted for a week. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in ‘widely used commercial add-on software’, which it didn’t identify.” [1]

This troubling report illustrates the critical condition of today’s healthcare security infrastructure, given the heavy reliance on third-party commercial software in medical systems. With no real visibility into the lifecycle of these third-party components, the risk profile of the medical systems is not easily known. The end result is that hospitals are deploying systems as “black boxes”, most of which are connected to networks and some of which come into direct contact with patients. Not knowing what is inside the systems, hospitals are at a disadvantage when it comes to reacting to vulnerability threats, and they end up spending valuable response time chasing down information from manufacturers and public data sources.

Recent developments are looking to address this visibility issue, including the introduction of a Software Bill of Materials, or SBOM.  An SBOM is a list of the software components utilized in a finished product, such as a medical device. By providing this transparency, medical device manufacturers are providing a way for hospitals to respond more quickly to reported vulnerabilities.

Some hospitals have begun requesting SBOMs from device manufacturers, and there are various regulatory developments that could speed adoption. In the United States, the Food and Drug Administration (FDA) has drafted guidance recommending the utilization of an SBOM. In addition, other regulatory bodies around the globe have included reference to the SBOM in recently released documentation.

Healthcare industry stakeholders generally agree that requiring a Software Bill of Materials (SBOM) will help mitigate security issues with third-party components. From a medical device manufacturer’s perspective, the extra effort it takes to generate and maintain SBOMs for their devices can be seen as an investment in brand reputation down the road. As for hospitals, one can easily imagine purchasing processes and decisions reliant on a deeper understanding of device security and SBOM documentation being critical to that decision making.


  1. German hospital hacked, patient taken to another city dies. ABC News. https://abcnews.go.com/International/wireStory/german-hospital-hacked-patient-city-dies-73069416

Cyberspace Solarium Commission – A Public-Private Brainstorming Initiative

| vigilantops |

The United States Cyberspace Solarium Commission (CSC) was formed in 2019 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber-attacks of significant consequences.”

The CSC published its report to the public on March 11, 2020. The report consists of more than 80 recommendations and more than 50 legislative proposals. Vigilant Ops recently sponsored a webinar during which a summary of the report and potential impacts on the medical device industry was presented. The summary from that webinar can be found here.

The CSC report has been making an impact, with several cybersecurity proposals from the report advancing in both the US House of Representatives and Senate. Some experts are optimistic that most of these legislative proposals will make it into the National Defense Authorization Act (NDAA), which sets the budget and expenditures for the US military.

Since the publishing of the final report, the Cyberspace Solarium Commission has released other material, including a white paper titled “Cybersecurity Lessons from the Pandemic.” The white paper reinforces the recommendations from the final report and adds a few new recommendations as well. Vigilant Ops has drafted a summary of that CSC white paper, which can be found here.
