Tag: Healthcare

  • Why We Always Harp on Healthcare

    Over the years, we’ve posted several times about the need for pentesting and a focus on security in the healthcare industry. Healthcare security may start with HIPAA regulations, but, in the end, it all comes down to protecting patients and the healthcare workers – from doctors to nurses to insurance offices, administrative staff, and everyone else who gives their all so that you and your family members are safe to focus on healing.

    Getting Better, But There’s More to Do

    Years ago, when I was still on the pentest team at Raxis, I recall walking through hospital patient floors during physical social engineering engagements. I’d put on the scrubs that I bought at Walmart, and even though they often didn’t match the scrubs the other nurses and doctors wore, I never got stopped while wearing them.

    I took papers off printers (to photograph for my report and return) and sat down at computer workstations to learn the software available since the systems weren’t locked. I walked through all levels of the hospital that were in scope for the test, using elevators and stairwells without finding a locked door and without being questioned.

    In this short video, Raxis CEO Mark Puckett speaks about healthcare pentests he’s performed in the past and how the vulnerabilities we find concern us all.

    More recently, we’ve found hospitals more likely to automatically lock workstations, but with the shortage of healthcare workers and no short supply of emergency situations, we want to give the healthcare industry every possible advantage to stay secure.

    Still More to Do

    Just as hackers are constantly changing and discovering new ways to attack, Raxis also changes in order to keep our customers secure in this ever-changing environment. We offer several options for the healthcare industry, and we created our newest option, PTaaS (Penetration Testing as a Service), in order to help our customers who have their eye on the strongest security possible today.

  • When There’s More than Money on the Line

    In our line of work, reading about the latest cybersecurity breach instinctively raises the questions of how many records were lost or how much money it cost to recover. Hackers are almost always after the big payoff, either directly or indirectly, so we’re conditioned to think mainly in terms of economic losses, privacy issues, or damage to a company’s reputation. However, as more and more devices are connected to the Internet, the stakes can be much higher.

    Computer Weekly reported in June that cyberattacks against healthcare facilities had increased 15-fold between January and March of 2020 — coinciding with the COVID-19 outbreak. Think about that for a second. With our hospitals and medical personnel facing a global pandemic with overburdened resources, the bad guys seized the opportunity to ramp up their attacks. Not only hospitals, but the US Department of Health and Human Services (HHS) and the World Health Organization (WHO) were targets as well.

    Although we at Raxis enjoy our jobs, we never forget the true nature of the people we’re trying to stop. And we always remember the hard-working people we’re trying to help.

    One such person is my friend, Judy Chang, a senior nurse in a local hospital’s neonatal intensive care unit (NICU). As I thought about the potential impacts of a major health care breach, I thought it might be a good idea to introduce Judy to our friends and readers, so I set up a conversation with this front-line hero who works with some of the most vulnerable patients anywhere — the newborn babies who need intensive care in the first hours and days of their lives.

    I encourage you to watch the interview and hear Judy describe her work to help these struggling infants. As you do, consider the consequences of a cyber breach that affects her team and the sensitive equipment they rely on. As much as I enjoy my work, her story helps me remember that cybersecurity doesn’t just protect networks — it also protects innocent lives.