Experts warn that hospitals are in very real danger of hacking attacks that exploit the BlueKeep vulnerability. But what is BlueKeep, and why should hospital IT teams be afraid?
BlueKeep is a Windows vulnerability
Back in May 2019, UK officials stated that they had found a security problem in Windows. Microsoft confirmed that all Windows products between 2001 and 2009 had this issue, which would later be called BlueKeep. In case this isn’t clear, two of the most popular OSes even today, Windows XP and Windows 7, became open to attack overnight. Attackers exploiting BlueKeep could use a particular communication protocol and a specific port to hijack a PC. Before the month was through, Microsoft had released patches for all its OSes. Although the hole was patched before hackers could come up with ways to use it, this was not the end of the story. Unpatched PCs are still completely open to attack, and an attack on one of them could then spread to every PC in a network.
Hospitals and Windows
Sadly, it’s not just hospital PCs that use Windows. Most medical equipment is just expensive sensors and software attached to a Windows PC. Even worse, it’s not rare to find modern devices running on very old versions of Windows due to compatibility problems (e.g., this 2009 GE ultrasound that can still be bought new is really just a Windows 98 PC). The same compatibility problems mean that these PCs rarely receive updates – updates would surely break the balance between hardware never meant for PCs, decades-old proprietary software and the jerry-rigged software “plugs” that device makers use to “make it work”.
Hospitals and BlueKeep
As a result, healthcare cybersecurity experts at CyberMDX report that 50% of hospital devices that run on Windows are still wide open to BlueKeep attacks. These run the gamut: CT and MRI devices, ultrasound stations, patient monitors and even life support systems. Considering that it only takes a single PC for hackers to access the whole network, it’s no wonder experts are so vocal about taking this threat seriously.
The next steps
As we said earlier, BlueKeep attacks take advantage of a protocol and a port. Disabling either is enough to protect a medical device from hackers. Another option is to simply unplug these devices from the network. This, however, is becoming increasingly difficult in an age when collecting as much data as possible is actually helping doctors treat patients better.