Sunday, March 24, 2024

Chicago Children's Hospital Targeted

 

There’s been a lot written about medical facilities being targeted and compromised over the last five years. The compromises have varied in their penetration into the network and data. The greater the attack’s expanse, the more potential for patient suffering. In late January/early February, the Lurie Children’s Hospital system was compromised. This was rather significant, with their phones, email, internet service, and medical equipment affected. These systems are in different operational areas of their network, which indicates this was a bit more than the usual attack. The depth of penetration into the different systems is notable.

The timeframe for the affected systems was relatively short, at two days. This was still devastating for the staff and patients. The situation was further complicated by the data from the operations that did continue having to be merged into existing data sets.

With hospitals holding so much valuable data, this trend will continue, if not grow. There is ample to do with all the patient PII, insurance information, medical history, and other data the hospitals accumulate every day.

Rebounding from this takes much more than getting the systems back up. The security staff also needs to understand the attack vector and how it was implemented, what systems were breached (not only the ones that were overtly noticed), and what data was accessed.

The hospital has much work to do with the incident response. This unfortunately is a prime example of what can happen. Systems need to be not only secured but also monitored, and the tooling reviewed at a regular cadence. Just as the industry is dynamic, so is the tooling. There may be better options or configurations available in the next review cycle.

 

