Download to read offline
Uploaded byJeremiah Grossman
How to Determine Your Attack Surface in the Healthcare Sector
This document provides an analysis of the attack surface for 19 major healthcare organizations based on data collected by Bit Discovery from public sources on the internet. It includes statistics on each organization's total assets, domain names, cloud assets, use of content delivery networks, certificate authorities, expired certificates, geographic distribution, private IP addresses, WordPress vulnerabilities, and recommendations for building a security program around mapping the attack surface.
More Related Content
![[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...](https://cdn.slidesharecdn.com/ss_thumbnails/ckcheninndylinshang-dejiangcb20-210112134635-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to How to Determine Your Attack Surface in the Healthcare Sector
![WhiteHat Security Website Statistics [Full Report] (2013)](https://cdn.slidesharecdn.com/ss_thumbnails/wpstatsreport052013-130502135957-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
![WhiteHat’s 12th Website Security Statistics [Full Report]](https://cdn.slidesharecdn.com/ss_thumbnails/wpstatssummer1212th-120702164437-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
![Vibe Coding vs. Spec-Driven Development [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/vibecodingvsspecdrivendevelopment-251209105622-43f455e7-thumbnail.jpg?width=640&height=640&fit=bounds)
![Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]](https://cdn.slidesharecdn.com/ss_thumbnails/codedagentsdeck-251215155422-5497c599-thumbnail.jpg?width=640&height=640&fit=bounds)
How to Determine Your Attack Surface in the Healthcare Sector
- 1. HOW TO DETERMINE YOURATTACK SURFACE IN THE HEALTHCARE SECTOR JANUARY 14, 2021 BIT DISCOVERY
- 2. BIT DISCOVERY Attack Surface Managementthat discovers, learns, and (finally) lets you secure everything. Secure everything.
- 3. •CEO, Bit Discovery •20years in Information Security •Founder of WhiteHat Security •Black Belt in Brazilian Jiu-Jitsu JEREMIAH GROSSMAN
- 4. ASSET ATTACK SURFACE From thenetwork perspective of an adversary, the complete asset inventory of an organization including all actively listening services (open ports) on each asset. • a domain name, subdomain, or IP addresses and/or combination thereof, for a device connected to the Internet or internal network. • (an asset) may include, but not limited to, web servers, name servers, IoT devices, or network printers.
- 5. •Shadow Asset: Thespecific asset, as defined by a hostname/IP-address, that’s unknown or uncontrolled by the organization. •Shadow Service: Unknown or uncontrolled services (i.e., open ports) that are actively listening on an asset. •Shadow Software: Unknown or uncontrolled software stack information (i.e., list of installed software and versions) of a listening service on an asset. SHADOWS WITHIN SHADOW-IT
- 6.
- 7. Bit Discovery 2020 FEDERALTRADE COMMISSION, Plaintiff, v. EQUIFAX INC., Defendant.
- 8. Bit Discovery 2020 USE-CASES ATTACKSURFACE MANAGEMENT • Vulnerability & Patch Management • Third-Party Risk Management • Mergers & Acquisition • Cyber-Insurance • Policy & Compliance • Security Ratings • Incident Response • Sales & Marketing Enablement • Investments
- 9. YOU CAN ONLY SECUREWHAT YOU KNOW YOU OWN. BIT DISCOVERY
- 10. •Collect a listall registered IP-ranges and domain names: Most organizations will not have a ready up-to-date list. •Find and scan all subdomains: Assets located on-premise, in the cloud, hosted applications, labelled under of subsidiaries, physically located across distributed data centers, and across non-contiguous IP-ranges. •Collect all meta-data for every asset: software stack, version info, TLS cert info, programming language, open ports, IP geo-location, hosting provider, CDN, etc. •Maintain an up-to-date attack surface map: The asset data for most organizations change between 1-5% monthly. THE ATTACK SURFACE
- 11.
- 12. Bit Discovery 2020 INTERNET “COPY”OF THE • Generated by Bit Discovery and 400 data sources. • WHOIS databases, domain names, ASN, ports, service banners, technology stack, website index page(s), full TLS certificate info, email addresses, password dumps, etc. • Each asset has potentially 115 unique data points. • Each data point updated daily-to-monthly. • Hundreds of snapshots collected over 5 years. Largest Data-Set Of It’s Kind *missing ~30% of the Internet* 4.5 BILLION DNS ENTRIES 200+ INTERNET SNAPSHOTS 515 DATA SOURCES 115 DATA COLUMNS 150 YEARS OF CPU TIME
- 13. BIT DISCOVERY HOSPITALS & HEALTH ATTACKSURFACE MAP ANALYSIS
- 14. The total numberof Internet-connected assets. TOTAL ASSETS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 10,000 20,000 30,000 40,000 2,839 237 39,956 38 1,752 18 36,639 479 25 22 44 5,293 77 80 22,972 1,010 2,271 795 172
- 15. The total numberof registered domain names. DOMAIN NAMES SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 350 700 1,050 1,400 93 3 1,400 2 53 1 444 44 1 2 3 312 5 2 8 37 128 30 6
- 16. The percentage ofcloud-hosted assets including Amazon Web Services, Microsoft Azure, Google App Engine, and others. CLOUD ASSETS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 13 25 38 50 14.76 19.41 26.66 7.89 5.31 11.11 20.70 11.69 0.00 0.00 0.00 46.91 0.00 0.00 0.06 1.19 6.16 3.52 1.74
- 17. The percentage ofInternet-accessible assets served by a well-known Content Delivery Network including Akamai, Cloudflare, and Fastly. CDN ASSETS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 8 15 23 30 0 0 3 24 0 0 0 0 24 0 0 0 0 0 0 4 1 0 0
- 18. The number ofunique Certificate Authorities seen across the Internet- accessible assets. CERTIFICATE AUTHORITIES SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 10 20 30 40 22 4 39 3 18 2 26 12 1 2 2 37 3 6 5 10 29 9 5
- 19. The number ofexpired TLS Certificates seen across the Internet- accessible assets. EXPIRED TLS CERTS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 50 100 150 200 77 3 110 0 16 0 110 2 0 0 0 196 0 0 0 21 90 9 5
- 20. The number ofcountries hosting Internet-accessible assets. COUNTRIES SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 4 7 11 14 4 6 14 1 5 1 12 6 2 1 1 8 1 1 3 4 9 3 2
- 21. The number ofInternet-connected assets where the hostname resolves to non-route-able RFC-1918 internal IP-addresses. PRIVATE IP-SPACE SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 8 15 23 30 10 0 8 0 2 0 1 0 0 0 0 1 0 0 0 27 8 0 0
- 22. Extremely popular freeand open-source CMS. Wordpress assets scanned with WPScan, which includes vulnerabilities in plug-ins. WORDPRESS VULNS SolutionHealth Parkland Health Fairmont Behavioral Ascension Health Tenet Healthcare Children's Hospital Colorado Tahoe Forest Effingham Health Trinity Health SBH Health Tulsa Bone and Joint Vibra Healthcare Community Health Granville Health Atrium Health Call 4 Health CommonSpirit Health LifePoint health Providence Health 0 45 90 135 180 21 0 172 0 0 0 65 0 0 0 57 0 0 0 0 1 0 0 0
- 23.
- 24. Every security program must begin with an attack surfacemap. Jeremiah Grossman CEO, Bit Discovery • Attack Surface Map • Multi-factor Authentication • Email Security • Routine Backups • Wire Transfer Verification • Password Management
- 25.