The Attack Surface of the Healthcare Industry



Paubox SECURE @ Home 2020
Virtual Healthcare Cybersecurity & Innovation Conference

October 21 - 22, 2020

https://www.paubox.com/blog/jeremiah-grossman-confirmed-to-speak-at-paubox-secure/
https://try.paubox.com/paubox-secure-2020


  1. THE ATTACK SURFACE OF THE HEALTHCARE INDUSTRY. October 21, 2020. Bit Discovery.
  2. JEREMIAH GROSSMAN
     • CEO, Bit Discovery
     • 20 years in Information Security
     • Founder of WhiteHat Security
     • Black Belt in Brazilian Jiu-Jitsu
  3. Coalition serves over 25,000 small and midsize organizations across every sector of the US and Canada. The report covers not just “breaches,” but breaches resulting in material harm.
  4. ASSET INVENTORY: IMPORTANCE
  5. Bit Discovery 2020. FEDERAL TRADE COMMISSION, Plaintiff, v. EQUIFAX INC., Defendant.
  6. Bit Discovery 2020. ASSET INVENTORY: USE-CASES
     • Vulnerability & Patch Management
     • Third-Party Risk Management
     • Mergers & Acquisitions
     • Cyber-Insurance
     • Policy & Compliance
     • Security Ratings
     • Incident Response
     • Sales & Marketing Enablement
     • Investments
  7. BIT DISCOVERY: ABOUT THE DATA
  8. Bit Discovery 2020. “COPY” OF THE INTERNET
     • Generated by Bit Discovery + 400 data sources.
     • WHOIS databases, domain names, ASNs, ports, service banners, technology stack, website index page(s), full TLS certificate info, email addresses, password dumps, etc.
     • Each asset has potentially 115 unique data points.
     • Each data point is updated daily to monthly.
     • Hundreds of snapshots collected over 5 years.
     Largest data set of its kind (*missing ~30% of the Internet*): 4.5 billion DNS entries; 200+ Internet snapshots; 515 data sources; 115 data columns; 150 years of CPU time.
  9. BIT DISCOVERY: INVENTORY ANALYSIS
  10. Bit Discovery 2020. INSIGHTS: What do you want to know?
     • How many websites, VPNs, mail servers, DNS servers, SSH servers, etc.?
     • How many of which assets are “in the cloud” or use a particular CDN?
     • How many assets have expired or soon-to-expire TLS certificates?
     • What assets are using, or NOT using, PHP, Drupal, Citrix, F5, WordPress, etc.?
     • In what countries are assets located?
     • What assets or services should probably not be externally exposed (RDP, MySQL, Dev/Staging)?
     Views: By Organization, By Industry, Your Inventory.
  11. Bit Discovery 2020. ASSET (as·set | ˈaset | noun): a domain name, subdomain, or IP address, and/or any combination thereof, of a device connected to the Internet or an internal network.
     • An asset may include, but is not limited to, web servers, name servers, IoT devices, or network printers.
  12. Total Assets (hospitals & health): the total number of Internet-connected assets globally. [Bar chart. Organizations labelled: HCA, Ascension, Tenet, Trinity, Vibra, Community Health, Atrium, CommonSpirit, LifePoint, Providence, MEDIAN. Axis 0 to 120,000. Values as extracted (their order relative to the labels is not recoverable from the extraction): 1,897; 1,883; 183; 10,594; 749; 10,594; 356; 3,506; 788; 1,910; 104,605.]
  13. Total Assets (Healthcare): the total number of Internet-connected assets globally. [Bar chart. Organizations labelled: Cardinal, Kaiser, McKesson, Anthem, CVS, Cigna, Humana, UnitedHealth, MEDIAN. Axis 0 to 120,000. Values as extracted (order relative to labels not recoverable): 21,360; 108,759; 18,645; 6,360; 43,153; 19,900; 22,819; 70,645; 10,020.]
  14. Domain Names: the total number of registered domain names. [Two bar charts; organizations labelled as on slides 12 and 13; value order relative to labels not recoverable from the extraction.]
     • Hospitals & Health (axis 0 to 6,000): 107; 90; 3; 1,286; 50; 1,286; 36; 307; 38; 123; 5,264.
     • Healthcare (axis 0 to 6,000): 808; 5,615; 204; 404; 953; 1,434; 1,086; 663; 523.
  15. Cloud Assets: the percentage of Internet-accessible and cloud-hosted assets. Cloud providers include Amazon Web Services, Microsoft Azure, Google App Engine, and others. [Two bar charts; organizations labelled as on slides 12 and 13; value order relative to labels not recoverable.]
     • Hospitals & Health (axis 0% to 100%): 15.40%; 16.78%; 24.59%; 15.40%; 7.88%; 15.40%; 14.04%; 32.94%; 0.63%; 5.18%; 53.70%.
     • Healthcare (axis 0% to 100%): 8.54%; 6.26%; 83.91%; 15.30%; 1.17%; 10.82%; 5.01%; 2.83%; 44.26%.
  16. CDN Assets: the percentage of Internet-accessible assets being served by a well-known Content Delivery Network. CDNs include Akamai, Cloudflare, Fastly, and others. [Two bar charts; organizations labelled as on slides 12 and 13; value order relative to labels not recoverable.]
     • Hospitals & Health: 1.05%; 0.74%; 0.00%; 8.14%; 0.27%; 8.14%; 0.00%; 1.23%; 4.06%; 1.36%; 0.19%.
     • Healthcare: 1.59%; 3.38%; 0.19%; 1.45%; 0.33%; 0.02%; 10.54%; 0.59%; 2.94%.
  17. Certificate Authorities: the number of unique Certificate Authorities seen across the Internet-accessible assets. [Two bar charts; organizations labelled as on slides 12 and 13; value order relative to labels not recoverable.]
     • Hospitals & Health (axis 0 to 50): 22; 19; 4; 27; 7; 27; 5; 25; 9; 27; 46.
     • Healthcare (axis 0 to 110): 47; 106; 24; 37; 42; 45; 60; 48; 50.
  18. Expired TLS Certs: the number of expired TLS certificates seen across the Internet-accessible assets. [Two bar charts; organizations labelled as on slides 12 and 13; value order relative to labels not recoverable.]
     • Hospitals & Health (axis 0 to 120): 59; 55; 5; 103; 10; 103; 1; 81; 17; 63; 97.
     • Healthcare (axis 0 to 700): 243; 433; 14; 556; 107; 88; 614; 221; 264.
  19. Countries Hosting: the number of countries hosting Internet-accessible assets. [Two bar charts; organizations labelled as on slides 12 and 13; value order relative to labels not recoverable.]
     • Hospitals & Health (axis 0 to 16): 6; 3; 4; 9; 2; 9; 3; 8; 4; 8; 16.
     • Healthcare (axis 0 to 24): 16; 20; 10; 23; 15; 13; 17; 11; 18.
  20. Private IP-Space: the number of Internet-connected assets where the hostname resolves to non-routable RFC 1918 internal IP addresses. [Two bar charts; organizations labelled as on slides 12 and 13; value order relative to labels not recoverable.]
     • Hospitals & Health (axis 0 to 30): 4; 3; 0; 5; 2; 5; 0; 1; 25; 8; 30.
     • Healthcare (axis 0 to 700): 42; 408; 3; 9; 98; 8; 691; 15; 68.
  21. WordPress (Healthcare): extremely popular free and open-source content management system. WordPress assets were scanned with WPScan, which includes vulnerabilities in WordPress plug-ins. Columns: total (median) WordPress websites; total (median) WordPress vulnerabilities; total (median) WordPress websites with at least 1 vulnerability; median number of vulnerabilities per WordPress website.
     • Hospitals & Health: 17 websites; 0 vulnerabilities; 0 websites with at least 1 vulnerability; 0 median vulnerabilities per website.
     • Healthcare: 70 websites; 106 vulnerabilities; 5 websites with at least 1 vulnerability; 16 median vulnerabilities per website.
  22. GUIDANCE
  23. “Every security program must begin with an asset inventory.” Jeremiah Grossman, CEO, Bit Discovery.
     • Asset Inventory (Attack Surface Map)
     • Multi-factor Authentication
     • Email Security
     • Routine Backups
     • Wire Transfer Verification
     • Password Management
  24. BIT DISCOVERY
  25. Bit Discovery 2020. CAVEATS
     Data collection:
     • Our Internet scanners sometimes use ANY-type DNS lookups, and not all service providers support ANY-type lookups (e.g. Cloudflare).
     • Round-robin DNS sometimes finds a lot of assets, sometimes a few, and changes frequently.
     • DNS servers and resolvers sometimes experience outages.
     • DNS responses may exceed the TTL.
     • DNS servers may selectively block requests.
     Issues with organization asset inventory:
     • Assets with subdomains under a third-party domain (e.g. <company>.wpengine.com, <company>.salesforce.com, etc.) may cause issues.
     • Assets not listed in certificate transparency and/or without a public DNS entry (e.g. they use internal DNS and a self-signed cert).
     • DNS entries falling outside the RFC standard (e.g. "example_site.com", ~1%).
     • Wildcard (*) DNS entries.
     • DNS providers responding with erroneous information due to a breach.
     • WHOIS redaction due to GDPR.
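The kinds of questions slide 10 says an inventory should answer, applied to the metrics of slides 15, 18 and 20 (cloud share, expired TLS certificates, hostnames resolving into RFC 1918 space, exposed RDP/MySQL and dev/staging hosts). This is an added example, not Bit Discovery's code; the inventory records and hostnames are constructed and hypothetical, and the record layout is an assumption.

```python
import ipaddress
from collections import Counter
from datetime import date

# Constructed sample inventory (hypothetical hosts, not Bit Discovery data).
INVENTORY = [
    {"host": "www.example-health.test", "ip": "203.0.113.10", "ports": [443],
     "tech": ["WordPress", "PHP"], "cert_expiry": date(2021, 3, 1), "cloud": "AWS"},
    {"host": "vpn.example-health.test", "ip": "203.0.113.20", "ports": [443, 3389],
     "tech": [], "cert_expiry": date(2020, 9, 30), "cloud": None},
    {"host": "intranet.example-health.test", "ip": "10.0.4.15", "ports": [80],
     "tech": ["Drupal"], "cert_expiry": None, "cloud": None},
    {"host": "db-staging.example-health.test", "ip": "198.51.100.7", "ports": [3306, 22],
     "tech": ["MySQL"], "cert_expiry": date(2019, 12, 31), "cloud": "Azure"},
]
REPORT_DATE = date(2020, 10, 21)  # date of the talk, used as "today"

# RFC 1918 ranges spelled out: ipaddress's is_private also matches the
# documentation/test ranges used above, which would give false positives.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Services slide 10 flags as probably not belonging on the Internet.
RISKY_PORTS = {3389: "RDP", 3306: "MySQL"}

def private_space_assets(inv):
    """Hosts whose public DNS name resolves into RFC 1918 space (slide 20)."""
    return [a["host"] for a in inv
            if any(ipaddress.ip_address(a["ip"]) in n for n in RFC1918)]

def expired_certs(inv, today):
    """Hosts whose TLS certificate expired before `today` (slide 18)."""
    return [a["host"] for a in inv
            if a["cert_expiry"] is not None and a["cert_expiry"] < today]

def exposed_services(inv):
    """(host, service) pairs for RDP/MySQL ports or dev/staging hostnames."""
    found = []
    for a in inv:
        for port in sorted(a["ports"]):
            if port in RISKY_PORTS:
                found.append((a["host"], RISKY_PORTS[port]))
        if any(tok in a["host"] for tok in ("dev", "staging")):
            found.append((a["host"], "Dev/Staging"))
    return found

def tech_counts(inv):
    """How many assets run each technology (PHP, Drupal, WordPress, ...)."""
    return Counter(t for a in inv for t in a["tech"])

def cloud_share(inv):
    """Fraction of assets hosted at a cloud provider (slide 15)."""
    return sum(1 for a in inv if a["cloud"]) / len(inv)
```

Keep in mind the slide 25 caveats: a record is only as good as the DNS answer behind it, so a wildcard entry or a third-party-hosted subdomain can inflate or distort every one of these counts.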