Baxter Connex Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about two serious security flaws in Baxter’s Connex Health Portal, formerly part of Hillrom and Welch Allyn. These issues can be exploited remotely and don’t require advanced skills.
The first issue, tracked as CVE-2024-6795, is extremely dangerous and carries the maximum severity score of 10.0. It allows attackers to execute malicious commands on the system without authenticating. This could give them access to sensitive data, enable them to change or delete information, or even shut down the system.
The second flaw, CVE-2024-6796, is slightly less severe but still poses a significant risk with an 8.2 rating. It allows attackers to potentially view or change sensitive patient and clinician data. Like the first issue, this flaw is also easy to exploit remotely, and attackers need no special privileges to use it.
Baxter has already fixed both vulnerabilities, but CISA recommends additional precautions. Organizations should limit network exposure, ensure that these systems aren’t directly accessible from the internet, use firewalls, and adopt secure remote access, like VPNs, where necessary.
Fortunately, no attacks exploiting these vulnerabilities are known so far. However, healthcare systems are increasingly targeted by cybercriminals because of the sensitive data they handle and the impact disruptions can have on patient care. For instance, earlier this year, Change Healthcare was hit by a ransomware attack and paid a $22 million ransom, but sensitive health data was still leaked. Kaiser Permanente, a California-based organisation, said it was notifying 13 million current and former members of its health plan about potential exposure of their health data.
Growing Threat of Ransomware in Healthcare
Ransomware attacks on the healthcare sector have been rising steadily and nearly doubled since 2022. In 2023 alone, there were 389 reported victims globally, compared to 214 in 2022. The US saw an even larger spike, with a 128% increase, jumping from 113 attacks in 2022 to 258 in 2023. Two major ransomware groups, LockBit and ALPHV/BlackCat, were responsible for over 30% of all reported healthcare attacks worldwide.
These attacks have had severe consequences for hospitals, leading to delayed medical procedures, disruptions in patient care, multiweek system outages, and even the need to divert patients to other facilities. Hospitals have also had to reschedule appointments and have struggled with reduced capacity for acute care.
A recent study by the US Department of Health and Human Services (HHS) found that healthcare facilities are particularly vulnerable due to their reliance on internet-connected systems, the large amounts of sensitive personal and health information they store, and their critical need for uninterrupted operations. These factors make the healthcare sector a prime target for ransomware attacks.
Source references:
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01
https://www.dni.gov/files/CTIIC/documents/products/Ransomware_Attacks_Surge_in_2023.pdf