Search papers, labs, and topics across Lattice.
This study conducted a comprehensive nine-month analysis of healthcare data security by deploying a low-interaction honeypot to monitor DICOM, HL7, and FHIR protocols across IPv4 and IPv6 networks. The findings revealed significant vulnerabilities, including authentication flaws in a substantial number of healthcare services, with a notable percentage lacking transport encryption and many running known vulnerable software. This research highlights critical gaps in the security of healthcare data transmission protocols, underscoring the urgent need for improved cybersecurity measures in the sector.
Over 80% of healthcare systems lack basic security measures, exposing millions of patient records to potential breaches.
Systems that process medical data should be meticulously secured. Yet, network services in healthcare environments often fail to implement basic security measures. For example, previous studies showed that network segmentation flaws led to DICOM systems leaking millions of patient records. In addition to DICOM, healthcare facilities rely heavily on the HL7 and FHIR protocols to transmit data. For nine months, we operated a low-interaction honeypot for medical protocols. We found it was regularly scanned for DICOM but never for HL7 or FHIR, indicating that despite their widespread use and importance for patient data security, the security of these services remains underexplored. In this paper, we present the first large-scale study on HL7 and FHIR services and expand previous work on DICOM. Our large-scale Internet scans, covering the three major healthcare protocols across IPv4 and IPv6 address spaces, identify healthcare systems and uncover data leaks due to authentication flaws. Additionally, we scanned for deficiencies in TLS configurations of these services and known insecure healthcare software. In total, we found \TotalEndpointsAuthFlaws ~healthcare services with authentication flaws. \NonTLSPercentage{}\% of all exposed systems do not support transport encryption, and \AllServerCVE{} systems have known software vulnerabilities, including those with potential for system takeover and CVSS scores up to 9.8. Overall, our study reveals an alarming state of cybersecurity in healthcare deployments, for which we discuss potential reasons and countermeasures. Finally, we report on the coordinated disclosure campaign we initiated to improve the security of patient data.