healthitsecurity.com
2606:4700:20::681a:9fb  Public Scan

URL: https://healthitsecurity.com/news/software-vulnerabilities-point-to-need-for-ics-security-in-healthcare
Submission: On April 14 via api from IN — Scanned from DE

Text Content

CYBERSECURITY NEWS


SOFTWARE VULNERABILITIES POINT TO NEED FOR ICS SECURITY IN HEALTHCARE


INDUSTRIAL CONTROL SYSTEM (ICS) SECURITY REQUIRES DEFENSE IN DEPTH MEASURES AND
REGULAR VULNERABILITY PATCHING.

By Jill McKeon



April 06, 2022 - The Cybersecurity and Infrastructure Security Agency (CISA)
recently issued an industrial control system (ICS) medical advisory regarding
the LifePoint Informatics patient portal. If exploited, the vulnerability could
lead to protected health information (PHI) exposure.

“Navigating to a specific URL with a patient ID number will result in the server
generating a PDF of a lab report without authentication and rate limiting,” the
advisory explained.

The vulnerability impacts LifePoint Informatics’ patient portal version LPI
3.5.12.P30. However, LifePoint Informatics released and deployed an updated
version of its patient portal in February 2022, which effectively mitigated this
vulnerability. Since the patient portal is a hosted application, users do not
need to take action.


Although this specific vulnerability was deemed low-risk, CISA’s advisory urged
users to take defensive measures to reduce the risk of exploitation.
Specifically, CISA recommended that users minimize network exposure for all
control system devices, isolate control system networks and remote devices from
the business network, and utilize VPNs.

The agency also directed organizations toward its ICS security best practices
and resources. But securing industrial control systems can be more challenging
than securing IT environments.

“Industrial control systems are used for managing, directing, and regulating the
behavior of automated industrial processes. ICS is a term that encompasses
several types of control systems, but all these systems have some basic traits
in common,” Stephen Mathezer wrote in a SANS Institute blog post.

“Their job is to produce a desired outcome, typically maintaining a target state
or performing a certain task in an industrial environment. They carry out this
function using sensors to gather real-world information. They then compare this
data with desired set points, and compute and execute command functions to
control processes through final control elements, such as control valves, to
maintain desired states or complete tasks.”

ICS security is crucial to maintaining operations and mitigating overall
enterprise risk.

“In each of these critical infrastructure sectors, different industrial control
systems are continuously at work regulating flow rates, opening and closing
breakers, monitoring temperature levels, and performing many other functions,”
Mathezer continued.

A recent report by Claroty found that healthcare IoT, IT, and medical device
vulnerability disclosures have increased in recent years, signaling a need for
better ICS security. Researchers found that ICS vulnerability disclosures grew
by 110 percent over the last four years, with a 25 percent increase in the
latter half of 2021 alone.

“While the volume of headline-grabbing attacks dwindled in the second half of
2021 compared to the first six months, those incidents will only fuel the
eventual prioritization of XIoT cybersecurity among decision makers,” the report
predicted.

“This indicates that organizations will merge OT, IT, and IoT under converged
security management, and that OT and ICS will no longer be their own walled-off
disciplines. Therefore, asset owners and operators must have a thorough snapshot
of their environments in order to manage vulnerabilities and lessen their
exposure.”

CISA’s advisory recommended that organizations adopt defense in depth strategies
to improve ICS security.

Defense in depth strategies can ensure that if one technical, administrative, or
physical safeguard fails to detect an intrusion, other tools will be at the
ready. Organizations should implement proper access controls, VPNs, endpoint
security systems, and other safeguards to layer defenses properly.

“CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures,” the advisory emphasized.

CISA also urged organizations to protect themselves from social engineering
attacks by learning about the signs of phishing attacks.

As security threats continue to impact the healthcare sector, organizations must
remain vigilant and implement a holistic security program to mitigate risk.



 * Tagged
 * Cybersecurity
 * Medical Device Security

©2012-2022 TechTarget, Inc. Xtelligent Healthcare Media is a division of
TechTarget. All rights reserved. HealthITSecurity.com is published by Xtelligent
Healthcare Media a division of TechTarget.