Vigilant Ops Wins Cybersecurity Challenge

Category

News & Events

Universal Health Services (UHS) Hit by Ransomware Attack

| vigilantops |

Early on the morning of Sunday, September 27, 2020, end users at a Universal Health Services (UHS) hospital were greeted with locked phones and computer screens hijacked by ransomware. The giant hospital system has reverted to paper forms, with no electronic access to online patient data, including lab results and historical information. Healthcare workers at the hospitals were told that it would take days to get the systems back online. UHS serves millions of patients through 400 facilities in the U.S. and the U.K.

Authorities have not yet identified the source of the UHS attack; however, patterns are emerging that suggest Ryuk ransomware, which encrypts the targeted system’s data and demands a ransom to have the data restored. The Ryuk ransom demands have ranged from around $100K to $500K.

The Ryuk ransomware is not new; it first surfaced in 2018. Since then, it has been unleashed mainly on various large organizations, a practice known as “big game hunting”. The Ryuk ransomware can infect targeted systems in various ways, including through phishing emails or vulnerabilities in third-party components or services, such as Remote Desktop Protocol (RDP).

At this time, there is no indication that there has been any compromise to patient safety at the hospital system, but there could very well be an impact as the crisis unfolds. This is a grim reminder of the very recent Dusseldorf University Hospital incident, which we summarized in our report “Ransomware Attack Leads to Fatality”, where ransomware forced patient redirection from the impacted facility, which resulted in a fatality due to a delay in care.

While healthcare organizations are focusing on the global pandemic, they continue to be prime targets for hackers and bad actors. According to various studies, third-party software component vulnerabilities play a big role in enabling these breaches and are nearly invisible to healthcare providers, since they don’t know which components are running in which of their deployed devices.

Healthcare industry stakeholders generally agree that requiring a Software Bill of Materials (SBOM), which is a monitored list of software components utilized in a medical device, will help mitigate these security issues with third-party components. Agreement among stakeholders, however, does not necessarily translate into immediate adoption. Some of this delayed adoption is due to costs associated with generating, maintaining and sharing SBOMs and the lack of tools to help automate the process. We’re hoping to change that at Vigilant Ops, by offering our InSight Platform to enable medical device manufacturers to automatically generate, maintain and share SBOMs with their healthcare customers.

Founded in 2019, Vigilant Ops is an innovator in the medical device cybersecurity industry. Led by seasoned medical device cybersecurity experts with more than forty years of combined experience, Vigilant Ops provides medical device manufacturers and hospitals with unprecedented insight into device risk profiles, enabling proactive management of threats before they impact the quality of patient care.

For more information about Vigilant Ops or the InSight Platform, please visit our website at www.vigilant-ops.com
Or drop us an email at: inquiries@vigilant-ops.com

Vigilant Ops Announces Availability of InSight Platform V1 for HDOs

| vigilantops |

Healthcare Delivery Organizations Gain Visibility into Risk Profile of Deployed Medical Devices. Today, Vigilant Ops, an innovator in medical device cybersecurity, announced the immediate availability of InSight Platform V1 for Healthcare Delivery Organizations, providing HDOs with an automated solution for monitoring the health of their deployed medical devices.  The InSight Platform V1 for Medical Device Manufacturers (MDMs) was released on May 11 and provided MDMs an automated solution for generating and maintaining device software bills of materials (SBoMs).  With the release of the HDO functionality, these generated SBoMs can be shared with authorized HDOs directly and securely through the platform.

“The Vigilant Ops InSight Platform V1 is the only solution of its kind that brings together both the producer and the consumer of the SBoM on the same platform,” said Ken Zalevsky, CEO at Vigilant Ops and former Head of Medical Device Cybersecurity at Bayer. “Medical device manufacturers generate device SBOMs, and via secure connection, share them with authorized HDOs through the InSight Platform.”

The InSight Platform uses advanced techniques to interrogate medical devices and automatically generate bills of materials. Using artificial intelligence and machine learning, the InSight Platform continuously monitors for vulnerabilities in discovered device components, enabling HDOs and MDMs to gain visibility into the risk profile of medical devices and respond proactively to the latest discovered threats.


Ransomware Attack Leads to Fatality

| vigilantops |

Third-party software component vulnerability exploit causes treatment delay, leading to patient death. Healthcare providers have long been a favorite target for bad actors launching cyberattacks, which usually resulted in the loss of sensitive patient data. A recent cyberattack, however, has resulted in the loss of a patient’s life. On September 10, 2020, Dusseldorf University Hospital reported the first death resulting from a cyberattack.  An exploit of a third-party software component vulnerability led to the death of a patient at the hospital.

 Dusseldorf University Hospital’s clinical servers were hijacked by a large-scale ransomware attack, causing patients to be moved to other facilities for treatment. A critically ill woman, among those patients being relocated, died before she could be treated.

“The Dusseldorf University Clinic’s systems have been disrupted for a week. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in ‘widely used commercial add-on software’, which it didn’t identify.” [1]

This troubling report illustrates the critical condition of today’s healthcare security infrastructure, given the heavy reliance on third-party commercial software in medical systems. With no real visibility into the lifecycle of these third-party components, the risk profile of the medical systems is not easily known. The end result is that hospitals are deploying systems as “black boxes”, most of which are connected to networks and some of which come into direct contact with patients. Not knowing what is inside the systems, hospitals are at a disadvantage when it comes to reacting to vulnerability threats, and they end up spending valuable response time chasing down information from manufacturers and public data sources.

Recent developments are looking to address this visibility issue, including the introduction of a Software Bill of Materials, or SBOM.  An SBOM is a list of the software components utilized in a finished product, such as a medical device. By providing this transparency, medical device manufacturers are providing a way for hospitals to respond more quickly to reported vulnerabilities.

Some hospitals have begun requesting SBOMs from device manufacturers, and there are various regulatory developments that could speed adoption. In the United States, the Food and Drug Administration (FDA) has drafted guidance recommending the utilization of an SBOM. In addition, other regulatory bodies around the globe have included reference to the SBOM in recently released documentation.

Healthcare industry stakeholders generally agree that requiring a Software Bill of Materials (SBOM) will help mitigate security issues with third-party components. From a medical device manufacturer’s perspective, the extra effort it takes to generate and maintain SBOMs for their devices can be seen as an investment in brand reputation down the road. As for hospitals, one can easily imagine purchasing processes and decisions reliant on a deeper understanding of device security and SBOM documentation being critical to that decision making.


1. German hospital hacked, patient taken to another city dies. ABC News. https://abcnews.go.com/International/wireStory/german-hospital-hacked-patient-city-dies-73069416

Cyberspace Solarium Commission – A Public-Private Brainstorming Initiative

| vigilantops |

The United States Cyberspace Solarium Commission (CSC) was formed in 2019 to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber-attacks of significant consequences.”

The CSC published their report to the public on March 11, 2020. The report consists of more than 80 recommendations and more than 50 legislative proposals. Vigilant Ops recently sponsored a webinar during which a summary of the report and potential impacts on the medical device industry was presented. The summary from that webinar can be found here.

The CSC report has been making an impact, with several cybersecurity proposals from the report advancing in both the US House of Representatives and Senate. Some experts are optimistic that most of these legislative proposals will make it into the National Defense Authorization Act (NDAA), which sets the budget and expenditures for the US military.

Since the publication of the final report, the Cyberspace Solarium Commission has released other material, including a white paper titled “Cybersecurity Lessons from the Pandemic.” The white paper reinforces the recommendations from the final report and adds a few new recommendations as well. Vigilant Ops has drafted a summary of that CSC white paper, which can be found here.


Vigilant Ops Announces Availability of InSight Platform V1

| vigilantops |

On May 11, 2020, Vigilant Ops, an innovator in medical device cybersecurity, announced the immediate availability of InSight Platform V1, enabling medical device manufacturers to begin automatically generating, updating, and monitoring device software bills of materials (SBOMs). FDA’s draft version of their premarket guidance refers to these as CBOMs (Cybersecurity Bill of Materials) [1], given the original desire to include hardware components in device bills of materials. Since the original draft guidance, FDA and others have begun referring to the documents as SBOMs (Software Bill of Materials) and eliminating the hardware component inclusion. Vigilant Ops will also refer to these device software bills of materials as SBOMs.

“The Vigilant Ops InSight Platform V1 is a game-changer in medical device cybersecurity,” said Ken Zalevsky, CEO at Vigilant Ops and former Head of Medical Device Cybersecurity at Bayer. “Medical device manufacturers are under extreme pressure from customers, prospects, and regulatory bodies to prove the safety and security of their devices. SBOMs are an industry-accepted solution but are very labor-intensive to generate and require continuous monitoring and maintenance. The InSight Platform eliminates this manual generation effort, while providing real-time monitoring of various public vulnerability sources and continuous maintenance of device bills of materials.”

The InSight Platform uses advanced techniques to interrogate medical devices and automatically generate SBOMs. Using artificial intelligence and machine learning, the InSight Platform continuously monitors for vulnerabilities in discovered device components, enabling device manufacturers to respond proactively to the latest discovered threats.


1. Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. FDA. Published online October 2018.

The Impact of COVID-19 on Medical Device Cybersecurity

| vigilantops |

Hackers are opportunists. Not long after the first case of COVID-19, possibly as early as November 17, 2019, hackers, bad actors and cyberpunks sensed an opportunity. They could be heard echoing the battle cry to never let a crisis go to waste! Long before you heard of Coronavirus, there were plans being formulated to leverage the FUD (Fear, Uncertainty and Doubt) that would inevitably follow. Since the initial outbreaks of COVID-19 in January 2020, over 16,000 new coronavirus-related domains have been registered, about 10 times the average number of new domains over the same time period pre-coronavirus. No doubt, some percentage of these domains have been registered for legitimate business activity, but close to 20% were already deemed to be suspicious or malicious. [1] In this article, we will take a look at the impact of COVID-19 on the healthcare industry.

Given the general increase in nefarious activity, and the fact that the healthcare industry is currently distracted with this COVID-19 global pandemic, it’s not surprising that hospitals are seeing more suspicious activity, such as phishing emails. By leveraging the urge to act quickly, particularly during a crisis, hackers are counting on human mistakes to enable the spread of misinformation or for a foothold on the hospital network through the inadvertent downloading of malware. Once lodged inside the hospital network, malware can quickly spread, either through additional responses to the phishing attempts or through self-propagation, without additional human interaction.

One of the best defenses against the onslaught of security attacks is system patching. Unfortunately, the lack of system patching has been implicated in some of the largest data breaches ever recorded. But, to be fair, system patching is difficult to keep up with. Software developers like Microsoft release software patches in a steady torrent, and IT resources are stretched to stay current. This means that some systems won’t get patched immediately, and some don’t get patched at all. In most of the healthcare industry, IT staff are at capacity during normal operations, and during a crisis like COVID-19 are dangerously overburdened. Worse than the lack of bandwidth, however, is the lack of visibility.

Medical devices deployed in hospitals are black boxes. In other words, the devices are closed and, for the most part, can’t be modified by the end user. This is for good reason, given the obvious patient safety concerns and regulations. The problem with a closed system that is running software from various manufacturers is that vulnerabilities in any of the installed software components are not easily identified. If you don’t know what software you’re running, you don’t know if you’re vulnerable.

The good news is that this lack of visibility is changing. FDA is working on an update to their Premarket guidance (Content of Premarket Submissions for Management of Cybersecurity in Medical Devices – Docket Number – FDA-2018-D-3443), which introduces the concept of a medical device bill of materials. FDA refers to this security document as Cybersecurity Bill of Materials (CBOM); however, the nomenclature is currently shifting to SBOM (Software Bill of Materials) as FDA, and others, have de-prioritized device hardware components in favor of a focus on the software components.

For the most part, the SBOM is being widely accepted as a good step forward for medical device cybersecurity, but it will require medical device manufacturers to apply resources to generate and maintain it. In addition, the continuous monitoring of vulnerabilities in installed software components, especially for a device manufacturer with multiple products and multiple versions of each, can be challenging.

Nonetheless, an updated SBOM enables medical device manufacturers to take a more proactive approach to security patches. By tracking and monitoring the installed software components and associated vulnerabilities, device manufacturers can more quickly prioritize patches and updates. Quicker identification leads to quicker remediation supporting improved release cycles. Automated SBOM solutions enable these more efficient software development lifecycles, which support stronger security profiles of deployed medical devices at hospitals.

In crisis situations, like we are all facing now with COVID-19, having a solid cybersecurity risk mitigation plan, including automated generation, maintenance and sharing of SBOMs, provides much needed peace of mind. So, instead of worrying about the security of their hospital’s medical devices, those on the front lines can focus their energy on treating patients.  

Ken Zalevsky
CEO, Vigilant Ops
Former Head of Medical Device Cybersecurity, Bayer


1. COVID-19 Impact: As Retailers Close their Doors, Hackers Open for Business. Check Point. https://blog.checkpoint.com/2020/03/19/covid-19-impact-as-retailers-close-their-doors-hackers-open-for-business/.