Vulnerability Assessment and Execution Plan for a Hospital Setup

Verified

Added on 2022/10/17

AI Summary

This report presents a vulnerability assessment and execution plan tailored for a hospital setup, highlighting the critical importance of cybersecurity in healthcare. It begins by emphasizing the financial impact of data breaches, citing statistics on the cost of such incidents. The report then identifies three primary methods hackers use to breach hospital network security: malware (ransomware, viruses), human error (misdelivery, insecure passwords), and weak passwords. It details how malware is used to steal patient records and the types of data compromised. The report further explores the impact of these breaches, including financial penalties and patient harm. It provides real-world examples of data breaches, like the TheRealDeal, and explains the hackers' execution methodology, including identifying weaknesses and employing tools like web shells. The aim is to provide a comprehensive understanding of hospital security vulnerabilities and potential mitigation strategies.

Welcome to Vulnerability Assessment
[00:00:30]: Hi I am (Student name). We are all aware that vulnerability assessment is a central
component when designing a security program or plan for any organization. I want to take you
through vulnerability analysis and execution plan for a hospital set-up.
[00:00:45]: According to Becker hospital, data breaches across healthcare facilities is
approximately 6.5 million dollars annually. In 2016, at least one health facility was breached
which affected over 27 million patient records.
[00:00:20]: There are three ways in which a hacker can breach network security for a hospital
set-up. These are through malware, human error, and weak passwords
[00:01:45]: Through malware hacker uses ransom ware and viruses to shutdown hospital servers
and the entire network. Hackers uses this way to steal patient records for sale. Example was the
hacker who goes by the name thedarkoverlord who stole patients’ records using malware attack.
The hacker then broke down the data into databases with prices ranging from 151 to 643 bit
coins this amounts to around 96,000 US dollars to 411, 000 US dollars. Hackers also utilizes
other types of malwares which are worms, back door, and spyware, capture store data, and RAM
scrapper
[00:00:20]: Hackers utilizes human errors created by health professionals to steal health records.
The most common types of human errors are miss-delivery which is at 38.2 percent.
[00:01:00]: some health professionals uses insecure passwords such as their names, and pets to
login to medical records system. In secure passwords enables a hacker to gain unauthorized
access to a protected network. Here a hacker uses brute force type of attacker to gain the
passwords thus able to login to the system to get medical data

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

[00:00:45]: The type of data or information obtained from the three ways includes names, city,
state, ZIP, home addresses, date of birth, social security numbers, dates of birth, and home phone
numbers.
[00:00:30]: The major aim of stealing health records information by the hacker is to sell the data.
Currently data stolen from hospitals contain over one terabyte is sold at around 19,166 dollars.
[00:00:40]: The major impact of data breach affects lot of patients. Example in February 16th
2018, hospital data breach affected five hundred patients. Second, breached health records can
result to the respective hospitals being fined by a health facility with penalties reaching a
maximum of 20 million dollars
[00:00:50]: TheRealDeal is an example of a hacker of medical records which is a darknet
website and a part of cyber-arms industry who have been reported by FBI as able to steal
medical information for sale. An example of medical record stolen by TheRealDeal was Atlanta,
Georgia
[00:00:30]: To execute a vulnerability hackers first identifies a weakness in a system or a
backdoor. They then perform buffer overflow which is a form of delivering malicious
commands. Also hackers utilize hacking tools such web Shells, Mimikatz , and Htran
[00:00:10] The common methodology employed by hackers is the use of BEC attack. Thank you