Hospital Networks Are Leaking Data, Leaving Critical Devices Vulnerable

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/2014/06/hospital-networks-leaking-data/

By Kim Zetter
Threat Level
Wired.com
06.25.14

Two researchers examining the security of hospital networks have found 
many of them leak valuable information to the internet, leaving critical 
systems and equipment vulnerable to hacking.

The data, which in some cases enumerates every computer and device on a 
hospital’s internal network, would allow hackers to easily locate and map 
systems to conduct targeted attacks.

In at least one case, a large health care organization was spilling info 
about 68,000 systems connected to its network. At this and every other 
facility that was leaking data, the problem was an internet-connected 
computer that was not configured securely. Quite often, the researchers 
found, these systems also were using unpatched versions of Windows XP 
still vulnerable to an exploit used by the Conficker worm six years ago.

“Now we know all the targeted info and we know that systems that are 
publicly connected to the internet are vulnerable to the exploit,” says 
Scott Erven, one of the researchers, who plans to discuss their findings 
today at the Shakacon conference in Hawaii. “We can exploit them with no 
user interaction… [then] pivot directly at the medical devices that you 
want to attack.”

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/