
A hospital with 2,000 employees in the EU has implemented Cynet protection throughout its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported on Windows XP and Windows 7 machines. Cynet protections are deployed on most Windows XP and Windows 7 machines during the upgrade process to ensure that legacy operating systems do not introduce vulnerabilities or delay incident response plan activation.
The hospital’s IT security team appreciated this coverage after their previous provider dropped support for Windows XP and Windows 7. “One of the many reasons we chose Cynet was to support legacy Windows machines. Imaging system upgrades are expensive, difficult and time consuming.”
Attack
The hospital worked with Cynet to implement advanced authentication, in the form of USB keys, for doctors accessing systems that contain sensitive patient information. Each USB key contained a hidden partition holding a digital certificate used to digitally sign and record user activity. The USB keys can also be used as standard removable media storage.
Unfortunately, users were able to use the USB keys to save files from any device, and one of the keys ended up infected with malware. The malware was embedded in a JPEG image file among many image files on the USB device. When a doctor used the USB key to get a diagnostic image from a Windows 7 machine, the media portion of the key pushed the infected image onto the machine. The machine was connected to the hospital's network, which could have allowed the attacker to move laterally and eventually exfiltrate sensitive data or cause other damage.
Cynet Protections
Luckily, Cynet Protection detected the malicious file instantly and quarantined it before it was executed. This attack emphasizes the need for multi-layered security: even when the advanced authentication mechanism itself becomes the vehicle for malicious code, the device protections in place detect the code and prevent its execution. It also highlights the importance of a well-prepared incident response plan.
Summary
Small and medium-sized hospitals and healthcare facilities continue to rely on traditional Windows operating systems due to the time and cost involved in updating the expensive healthcare systems they manage. However, attackers tend to target "low-hanging fruit", i.e. systems with weak protections, so it's important to properly protect these devices. With the right protections and incident response roadmaps, healthcare organizations can maximize the longevity of their highly specialized equipment.