Medical Web Experts Security Bulletin: September 2021

Pablo Bullian

Posted on September 02, 2021

Infusion Pump Hack Could Allow Attackers to Change Meds Administered to Patients

Researchers at McAfee uncovered a hack that allows attackers to take control of B. Braun infusion pumps, which are used in hospitals around the world. The attack requires physical network access to reach the SpaceStation, which can manage one or more pumps, through one of its network-exposed endpoints. This could lead to disastrous situations in which patients are over-administered, or not administered, the drugs they need. The FDA is already reviewing this with McAfee as well as the provider in order to patch the vulnerabilities.

FBI Releases Guide on Indicators of Compromise from Ransomware

The OnePercent ransomware group, which is linked to use of the legitimate security tool Cobalt Strike for malicious purposes, is one of the largest hacking groups attacking US companies since November of last year. The FBI released a list of indicators of compromise, as well as some mitigation measures (which we’ve already recommended implementing in past security bulletins!) – such as maintaining offsite or offline backups, patching servers, periodically reviewing administrator account actions and privileges, and educating the workforce about phishing and the threats it poses.

T-Mobile Breached; 100 Million Accounts Exposed

T-Mobile confirmed that an attack was made on their infrastructure. Though they didn’t confirm in their official release whether personal data was exposed, news outlet Motherboard reviewed some leaked data on the dark web and confirmed that personal data of clients was being sold. Telecommunications infrastructure has been a prime target for state-backed hacking groups in the past few years, as has healthcare – so it’s important to have a good security strategy in place, as well as controls to match your organization’s needs.

Two Healthcare Organizations Hit by Ransomware

A healthcare organization from Ohio, and another from Nevada, have been hit by ransomware in recent months. One of these organizations was in negotiations with the hacking group to recover its information after the attack. Experts followed the trail to the dark web, where they found some of the information being leaked, including individuals’ names, addresses, dates of birth, Social Security numbers, and clinical information (such as history, diagnoses, and test results).

Ransomware is a complex threat that requires the full attention of your organization’s IT security experts. Keeping offsite backups and disaster recovery sites can ensure operational continuity in the event of an attack.

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect, Certified Information Systems Security Professional (CISSP), and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.
