Greenbone - Vulnerability Management in Hospitals
Who didn't notice it last year? The sensational hacker attack on the University Hospital Düsseldorf: for over a week, the clinic was unable to admit new patients or perform operations. The attackers got into the clinic's network via an already known vulnerability and were able to take over and encrypt important systems. The clinic was able to resume normal operations after just one week only because it had been attacked by mistake and was not the attackers' actual target; they had wanted to hit the Heinrich Heine University. After the attackers learned what they had really attacked, they handed over the decryption codes and ended the attack.
However, not every cybercriminal has the scruples to spare clinics. On 10 February 2016, the Lukas Hospital in Neuss was attacked. Its IT was out of operation for over a month, and the processes in the hospital were massively affected.
A study written by three security researchers from Alpha Strike Labs, the University of the German Armed Forces and Limes Security, to be published in full at NATO's CyCon in May, shows that 36% of 1500 German hospitals were vulnerable in a scan. More than 900 critical vulnerabilities were identified. Comparatively small hospitals were not less secure per se; in fact, large hospitals were often more vulnerable than smaller ones. This means that hospitals that carry out more than 30,000 treatments per year and are classified by the Federal Office for Information Security (BSI) as part of the critical infrastructure (KRITIS) are at great risk.
For example, Windows Server 2003 instances were still active, although they have not received any security updates from Microsoft since 2015. This is an invitation for every attacker, as the open security gaps can no longer be closed by updating the operating system.
Many hospitals have a large budget for doctors, but only comparatively little budget remains for the IT departments. Accordingly, the IT departments tend to be understaffed and often cannot take major measures to address structural problems.
The main problem is knowing where the weak points are. Networks, including those in hospitals, have become larger and more complex over the years.
In the meantime, almost everything in hospitals has been digitalised, from the simple infusion drip, to devices that monitor vital signs, to large devices such as X-ray machines, surgical robots or magnetic resonance tomographs. Electronic files should not be left out of the list either, as they contain extremely intimate details about a person and could be used for blackmail. The target could be the hospital itself, if the data were encrypted, or the patient, under threat of intimate details being made public. In addition, there are high penalties for violations of the GDPR if the information is insufficiently protected from unauthorised access.
A vulnerability scanner is a good way to get an overview of the existing vulnerabilities and of possible solutions to either close them or mitigate them with appropriate measures. It can not only create a list of existing assets (devices), but also check them for vulnerabilities on its own. This gives you an overview of everything that is actually present in the network and lets you see immediately where the problems are.
The findings are not limited to unpatched security holes; they also include faulty configurations or unchanged default passwords. The problems found are then categorised according to their severity and a corresponding report is generated.
Scanning can be done in a variety of ways: for example, from the outside in, i.e. from the attacker's point of view. A scan within the infrastructure is also possible, so that as many systems as possible are covered.
These scans can also be carried out automatically at regular intervals so that you are always up to date. This also allows you to see immediately whether the changes made so far have actually been successful. If new devices are integrated into the network in the meantime, or new security vulnerabilities become known, the scan is extended to these fully automatically.
We work closely with the manufacturer Greenbone Networks. Greenbone is a German company that was founded in Osnabrück in 2008.
The Greenbone Security Manager, which is developed by Greenbone Networks, is largely open source (GNU GPL). The open-source version is known as OpenVAS. Due to this transparency, the solution also enjoys a high level of trust, as its functionality can be verified by anyone.
The Greenbone Security Manager can scan for over 87,000 different vulnerabilities. For licensing, it does not matter how many IPs are in your company, as licensing is based on the performance of the Greenbone Security Manager.
For example, if you have 10,000 IPs and only want to scan 2,000 IPs every day, you would only have to license for 2,000 IPs. This is an advantage over other solutions on the market.
The vulnerability manager is available both as a physical appliance and as a virtual machine for the common VM hypervisors.
If you are interested in the Greenbone Security Manager and would like a free initial consultation or even a trial, you can contact us by phone, email or our contact form.