The cybersecurity world has placed a good deal of attention on malware such as the Black Lotus bootkit and Xenomorph, the Android-based malware that steals bank credentials. As these large threats loom, we are reminded of one of the most vulnerable industries, where application and platform security are essential: healthcare. According to a Check Point Research (CPR) report, cyberattacks on healthcare organizations increased by 60% in 2022, to a rate of 1,426 attacks per week. Understandably, ransomware seems to be the most desirable type of attack against an industry that relies heavily on data in networked systems and where the privacy requirements of that data are paramount. On January 28, 2023, Zoll, a maker of wearable defibrillators, fell victim to an attack in which the personal records of over 1 million people were stolen.
Healthcare IT Ecosystem Vulnerabilities are Expanding
The healthcare industry has been steadily expanding its IT footprint, bringing more and more devices online and collecting and analyzing critical data. This effort accelerated during the COVID pandemic, when telehealth appointments, remote patient monitoring services, and amended insurance offerings extended quality care to consumers more quickly and at lower cost. This rapid expansion, however, has created more vulnerabilities. Additionally, the use of third parties in the healthcare IT infrastructure has opened the door for more cyberattacks.
Vulnerability in Healthcare Data Centers
More recently, healthcare data centers have seen attacks on their foundational technology: server motherboard firmware. As reported by firmware and supply chain security company Eclypsium in June 2022 through a series of leaked chats, the Conti ransomware gang was trying to gain access to the Serial Peripheral Interface (SPI) bus through Intel ME firmware “to gain indirect access to the UEFI/BIOS, drop additional payloads, and gain runtime control of the system below the operating system using System Management Mode (SMM).” The report goes further, implicating the Russian Foreign Service Bureau (FSB) as a beneficiary.
Vulnerability in Connected Medical Devices
According to a Healthcare Innovation report, 53 percent of connected medical devices and other IoT devices in hospitals have a known critical vulnerability. These vulnerabilities increasingly appear in the foundational technology of healthcare components. One example was a firmware vulnerability uncovered in the control panel of Swisslog Healthcare’s Translogic Pneumatic Transport System (PTS) in August 2021. The vulnerability, known as “PwnedPiper,” allowed unauthenticated and unencrypted firmware updates. An attacker could then take over a hospital’s entire PTS, shutting down a critical system for transporting medication, blood, and lab samples.
Protection of Healthcare IT at Its Foundation
In order to prevent such cyberattacks through firmware, healthcare providers should incorporate a firmware resiliency or platform root of trust (PRoT) solution to create a chain of trust for higher layers of the IT stack by detecting, protecting, and recovering device firmware to a trusted state. To secure against the Conti attack, such solutions can authenticate the boot and peripheral device firmware while filtering the SPI bus for intrusions.
Healthcare devices like the Translogic PTS could also utilize a PRoT solution, preventing attackers from compromising the device firmware with unauthenticated and unencrypted code. With a Hardware Root of Trust (HRoT) controller, firmware updates can be verified against its cryptographic key. Any failure would drive recovery of the firmware to a known, authenticated version, avoiding system downtime and a potential breach of the medical device.
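The protect, detect and recover behaviour described above, as an added example that is not AMI's code or part of the original article. The `Flash` class, its method names and the demo key are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a real root of trust would verify with a hardware-anchored public key.

```python
import hashlib
import hmac

# Constructed demo key. Assumption: a real PRoT holds only a public key and
# verifies an asymmetric signature; HMAC is a stand-in so this runs offline.
ROT_KEY = b"constructed-demo-key"

def sign(image: bytes) -> bytes:
    """Vendor-side authentication tag over a firmware image."""
    return hmac.new(ROT_KEY, image, hashlib.sha256).digest()

def authentic(image: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches the image."""
    return hmac.compare_digest(sign(image), tag)

class Flash:
    """Hypothetical flash layout: an active image and a protected recovery copy."""

    def __init__(self, golden: bytes):
        self.recovery = (golden, sign(golden))
        self.active = self.recovery

    def apply_update(self, image: bytes, tag: bytes) -> str:
        # Protect: an unauthenticated update never reaches the active region.
        if not authentic(image, tag):
            return "rejected"
        self.active = (image, tag)
        return "applied"

    def boot(self) -> str:
        # Detect: authenticate the active image before releasing the host.
        if authentic(*self.active):
            return "booted-active"
        # Recover: restore the known-good copy, or halt if it is corrupt too.
        if not authentic(*self.recovery):
            return "halted"
        self.active = self.recovery
        return "recovered"

def demo() -> list:
    """Run constructed scenarios: good update, forged update, corrupted flash."""
    flash = Flash(b"FW v1.0 (constructed)")
    results = [flash.apply_update(b"FW v1.1", sign(b"FW v1.1")),
               flash.apply_update(b"FW tampered", b"\x00" * 32)]
    # Simulate an out-of-band write that bypassed the update path.
    flash.active = (b"corrupted bytes", flash.active[1])
    results += [flash.boot(), flash.boot()]
    return results
```

`demo()` returns the outcome of each step in order: the signed update is applied, the forged one is rejected, the corrupted active image triggers recovery, and the next boot succeeds from the restored copy.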
Tektagon Platform Root of Trust for Healthcare IT
AMI Tektagon is a NIST® SP 800-193 compliant family of Platform Root of Trust solutions that includes comprehensive image verification, runtime protection, and recovery from platform and peripheral firmware corruption. Provided as a simple drop-in for use with AMI Aptio and MegaRAC boot firmware, Tektagon delivers design flexibility, hardware reuse, and comprehensive support for cloud service providers, server ODMs and OEMs, central office and edge switching, and client and embedded device manufacturers.