Defending Healthcare: Trustwave’s Dedication to Fight Cyber Threats to Patient Safety

August 15, 20244 Minute Read

Hospitals face a challenging dilemma: delivering the highest quality of medical care while shielding patient and family data from ever-evolving cyber threats, all while ensuring that critical operations continue uninterrupted.

At Trustwave, we understand the immense pressure hospitals are under and are dedicated to creating a safer digital environment where healthcare providers can thrive, and patients receive the uncompromised care they deserve.

Our mission is straightforward yet crucial. We're committed to supporting hospitals in delivering exceptional patient care by managing the protection of their sensitive data and safeguarding their operational integrity. This includes preventing disruptions from ransomware, mitigating device vulnerabilities, and ensuring that facilities remain up and running smoothly. Our goal is to allow hospitals to stay focused on providing high-quality care without being burdened by cybersecurity threats or operational downtime.

The stakes in healthcare are undeniably high. Cybercriminals are willing to risk people's health, and even their lives, for a possible payout. While some threat groups pay lip service to not attacking hospitals, the reality is threat groups are like cancer. Cancer cells have no compunction about attacking and destroying a body; in the same manner, threat groups are willing to degrade a hospital's ability to care for its patients without any worry about their well-being.

Both the Ascension and the Change Healthcare ransomware attacks earlier this year, show the wide-ranging damage possible from just a single cyberattack. While the full extent of the Ascension breach is still under investigation, it has majorly disrupted services and prompted lawsuits against the company.

Change Healthcare's parent company UnitedHealth was summoned by the US Senate Oversight and Investigations Subcommittee to explain the events leading up to and during the Change Healthcare cyberattack. During the session, Witty revealed that a "substantial portion" of Americans were affected by the Change Healthcare breach in February 2024, potentially impacting a third of the US population, approximately 110 million people. This incident is the largest breach in the Department of Health & Human Services' history.

The potential danger posed by these attacks shows there is little doubt this threat will increase. Medical records are simply too valuable to criminals who, after exfiltrating them from a target, will attempt to sell the information on the Dark Web. Here, buyers will take protected health information (PHI) and use it to conduct additional attacks.

Trustwave is here to protect healthcare facilities in much the same manner as medical teams are in place to protect and heal their patients. Specialists treat a sick or injured individual with years of experience handling specific issues.

Trustwave has experts ranging from our elite SpiderLabs research team that is constantly on the watch for new threats, to pentesters and Red Teamers who can help an organization see itself from an attackers' lens, to analysts operating our Managed Detection and Response (MDR) solution, ensuring attackers are kept at bay, and a world-class database protection solution, Trustwave DbProtect that proactively highlights sensitive data locations, and offers continuous data protection, rights management, remediation guidance, and active response capabilities.

Trustwave is a leading provider of healthcare security solutions, specializing in safeguarding critical patient and family healthcare data. Trustwave's built-in policies target common threat vectors such as weak password management and outdated software, which pose significant risks to complex EHR systems. Given the limited time available for security measures in such critical environments, Trustwave has developed DbProtect to proactively identify sensitive data and high-risk vulnerabilities. By pinpointing these threats, organizations can rapidly implement security controls and prioritize remediation efforts beyond traditional vulnerability patching.

Trustwave's MDR solution identifies, isolates, and contains threats before damage is done, leveraging advanced technology to stay ahead of evolving cyber threats. Complementing this, our human-led, behavior-based threat hunting proactively seeks out threat actors operating in an environment, even those evading conventional cyber defenses.

Trustwave's offensive security services simulate real-world attacks to uncover vulnerabilities before they can be exploited. This proactive approach, including penetration testing and Red Team exercises, strengthens overall security posture without compromising system integrity.

If an incident does take place, our Digital Forensics and Incident Response (DFIR) teams can help with recovery and remediation.

Patient Safety is a Priority

Trustwave takes the responsibility of maintaining the security of medical facilities very seriously, and we do not stop looking for potential security issues at the hospital's front door.

Here are two examples of how Trustwave SpiderLabs' offensive security mindset helps leave no stone unturned regarding security.

In the first case, the team found that a medical device maker recommended users of its EEG device keep the weak default administrator credentials, which could lead to a remote code execution vulnerability.

This issue was uncovered while Trustwave was conducting internal network testing and came across a document titled "XL Security Site Administrator Reference.pdf" for the EEG device. In the document, the manufacturer recommends keeping the weak admin passwords that came with the device, noting that if they were changed in this case, any creation of virtual servers or new database resources would fail.

The second finding was even more severe and possibly led to lives being saved.

After successfully completing a Red Team exercise with an Australian healthcare provider, the client opted for Trustwave to conduct penetration tests of several medical devices, including an insulin pump that patients can take home and connect to their home network, allowing a medical team to monitor and adjust their treatment.

The pentesters found the pump had several vulnerabilities consistent with other Internet of Things (IoT) devices, such as poor network segmentation and weak login credentials. These vulnerabilities allowed the team to intercept and manipulate data being transmitted over the wireless network, interfere with the dosage volume and frequency, interrupt the device's general processes, leverage access to the insulin pump to gain access into the patient's home environment, and use that access to obtain entry into the hospital's IT environment.

Trustwave instructed the client on how to harden these devices pre-deployment to ensure patient safety.

Examining Cybersecurity in the Healthcare Industry

Trustwave is passionate when it comes to protecting the healthcare sector and takes on a macro level of responsibility when it comes to our work in this industry. One result of this commitment was the recent Trustwave SpiderLabs report Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape.

This extensive and in-depth research examines every angle and aspect of how threat actors choose targets, gain entry, exploit, and exfiltrate data from healthcare organizations, and offers mitigations across the attack cycle.

The staggering number of data breaches and the potential danger posed by attacks in healthcare underscore the urgent need for comprehensive cybersecurity measures within the industry. Trustwave's commitment to safeguarding medical facilities, coupled with our thorough analysis of threat actors' tactics, provides valuable insights into addressing and mitigating these vulnerabilities. By remaining proactive and vigilant, healthcare organizations can fortify their defenses and protect both patient data and safety from malicious cyber threats.

Trustwave's mission is not just about cybersecurity; it's about ensuring that organizations can focus on their true mission- for healthcare, that's caring for patients and their families. By aligning our efforts with the needs of the healthcare industry, we contribute to a safer, more secure environment where healthcare providers can thrive, and patients can receive the care they deserve without compromise.

Harris-Trump Presidential Election: Looking at the Threats and Cybersecurity Challenges

Balancing Escalating Security Concerns While Pursuing Business Innovation

Unleashing the Power of Microsoft Security with Trustwave