Healthcare Is Under Attack

Ransomware attacks increase every year and cost US healthcare organizations an estimated $21 billion in 2020.¹

Healthcare organizations are an attractive target to cyber criminals. They value patient records for identity theft and insurance fraud. Lifesaving medical devices, many not designed with cyber security in mind, are connected to the network and accessible to attackers. Defending these requires diligence, but ensuring your defenses are adequate can be a challenge.

Layered Defenses Need
A Security Testing Strategy

Horizon3.ai provides an effective alternative to expensive, resource consuming traditional pentests – autonomous penetration testing as a service.

NodeZero views networks as would an adversary, collecting reconnaissance, identifying weaknesses, and chaining together attacks to exploit a system. It can identify misconfigurations and other weaknesses that can allow an attacker to traverse a network and escalate privileges to steal Personal Health Information or execute ransomware attacks.

Validate your defenses

With so many active attack vectors it isn’t enough to simply “license a solution”. Teams must verify that the solutions work correctly to protect the organization.

Alarm Icon

Breach and Data Theft

Patient records are high value targets for criminals focused on identity theft and insurance fraud. Attacks can start with compromised credentials, unpatched or poorly patched devices, or misconfigured servers.

Publicly disclosed vulnerabilities in commonly used open source components like Log4j can provide adversaries with a simple attack vector.

Phishing Icon

Ransomware and Phishing

In 2017, the WannaCry ransomware attack affected over 200,000 computers in over 100 countries. According to the UK’s National Audit Office, it affected one third of the healthcare organizations in England, making it impossible to access patient records.³

NodeZero validates that your defenses are properly deployed by orchestrating over 100 offensive tools to harvest credentials, exploit vulnerabilities, and exploit default settings and misconfigurations to execute attacks.

Case Study Document - Patched Does Not Equal Remeidated
Case Study

Patched ≠ Remediated

One of our clients, a leading U.S. hospital and healthcare system, consistently earns high marks for clinical excellence and is among the top 10 percent in the nation for patient safety. Recognizing the growing cybersecurity threats to healthcare organizations and importance of importance of maintaining compliance with regulatory standards like HIPAA, PCI, and other privacy rules, the organization’s IT staff worked hard to ensure a strong security posture.

Download the case study to learn more.

Customer Stories

Misreporting Tools Leave Servers Vulnerable for 18 Months

A teaching hospital had a diligent IT team. They tracked security updates to their systems, promptly patched for critical issues using industry-leading tools, and verified the patches using Microsoft DISM. When NodeZero exploited a critical but year-old vulnerability in under one day on several of their Active Directory domain controllers, they insisted it was a false positive. The ZeroLogon vulnerability had been patched months earlier. They even had evidence; reports from Qualys and Microsoft DISM showed all systems had been successfully patched.

My EDR Should Have Caught That!

It isn’t enough to have to have the security solution. A medical clinic with over 120 providers used best-in-class endpoint detection and response (EDR) software. Nevertheless, NodeZero quickly identified a device’s Local Security Authority Subsystem Service Process (LSASS), dump and cracked user credentials, moved laterally, and gained Windows Domain Administrator privileges. The result: full domain rights.

How does NodeZero Help?

External Pentesting

NodeZero can:

  • Be run without credentials, using the attack techniques and tools of an external hacker
  • Be run with credentials, for organizations that “assume breach”
  • Follow the attack patterns used by sophisticated adversaries and nation states, chaining together vulnerabilities, harvested credentials, misconfigurations, and dangerous product defaults into attack vectors

Actionable Results

NodeZero provides:

  • Graphical evidence of the precise path used in an attack and proof of each step of exploitation
  • Proof of impact by identifying and reporting on data it was able to access
  • Precise and actionable remediation guidance, allowing security and operations to resolve issues at the root cause quickly

Try NodeZero

A true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents.

NodeZero combines the lower cost and high frequency testing capabilities of automated pentesting with the expertise, thoroughness, and precision of manual pentests performed by highly skilled security professionals. The result is an ability to run continuous purple teaming exercises at a low annual cost.

Sources