http://www.wired.com/2014/06/hospital-networks-leaking-data/
By Kim Zetter
Threat Level
Wired.com
06.25.14
Two researchers examining the security of hospital networks have found
many of them leak valuable information to the internet, leaving critical
systems and equipment vulnerable to hacking.
The data, which in some cases enumerates every computer and device on a
hospital’s internal network, would allow hackers to easily locate and map
systems to conduct targeted attacks.
In at least one case, a large health care organization was spilling info
about 68,000 systems connected to its network. At this and every other
facility that was leaking data, the problem was an internet-connected
computer that was not configured securely. Quite often, the researchers
found, these systems also were using unpatched versions of Windows XP
still vulnerable to an exploit used by the Conficker worm six years ago.
“Now we know all the targeted info and we know that systems that are
publicly connected to the internet are vulnerable to the exploit,” says
Scott Erven, one of the researchers, who plans to discuss their findings
today at the Shakacon conference in Hawaii. “We can exploit them with no
user interaction… [then] pivot directly at the medical devices that you
want to attack.”
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
