Why Legacy Medical Systems Are a Growing Concern
Frank Catucci of Invicti Security on Persistent Threats and Risks Facing Healthcare
Healthcare sector entities' reliance on specialty and legacy equipment, including imaging systems and other gear, continues to present attractive targets for threat actors and a growing risk for medical providers, says Frank Catucci, CTO and head of research at security firm Invicti Security.
"If there is something that an attacker can identify as an inherent weakness in a system or a group of systems within an industry, we tend to see that those types of businesses or that type of industry is attacked in a repetitive manner," he said.
Attackers are leveraging common weak points in a sector, he said in an interview with Information Security Media Group. "The inherent vulnerabilities of older legacy systems, being primarily in a lot of health care settings, set up a perfect storm for these types of attacks," he said.
Entry points that exploit security weaknesses in gear such as outdated medical imaging equipment, or in the systems that house those records, are examples of the kinds of risks found in healthcare environments, he said. "They're unhardened, unpatched, vulnerable, contain older software components and are very commonly found in the health care sector."
In this interview with Information Security Media Group, Catucci also discusses:
- Recent attacks on healthcare sector entities by Russian-affiliated threat actors;
- Security issues involving cloud and hybrid environments in healthcare;
- Steps healthcare sector entities should consider to address these concerns.
Catucci is a global application security technical leader with over 20 years of experience designing scalable, application security-specific architecture and partnering with cross-functional engineering and product teams. He is a past OWASP chapter president and a contributor to the OWASP bug bounty initiative. He previously served as head of application and product security at DataRobot. Prior to that, Catucci served as senior director of application security and DevSecOps and security researcher at Gartner.