Network Security

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance

The US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector.

The US cybersecurity agency CISA has issued cybersecurity recommendations after conducting an assessment at the request of an unnamed healthcare and public health (HPH) sector organization using on-prem software.

During a two-week penetration test, CISA said it assessed the target entity’s web applications, its susceptibility to phishing, and its resilience to simulated adversary attacks, and reviewed its databases for misconfigurations and its network and connected devices for vulnerabilities.

The US government cybersecurity arm is releasing information on the assessment results to help other organizations in the Healthcare and Public Health sector improve their cybersecurity posture.

“The CISA team did not identify any significant or exploitable conditions from penetration or web application testing that may allow a malicious actor to easily obtain initial access to the organization’s network,” the agency said, noting that its phishing attempts failed because the payloads were blocked, either before they could be downloaded or upon execution. Payloads that evaded protections did not connect to a command-and-control (C&C) server.

While employees did fall for phishing email lures and shared their credentials through malicious forms, the login information provided limited access to external-facing resources and the organization had multi-factor authentication (MFA) implemented for cloud accounts.

During the internal penetration testing phase, however, the agency did identify misconfigurations, weak passwords, and other issues that could have allowed an attacker to compromise the organization’s domains. CISA said it found multiple web interfaces protected by default credentials, as well as the use of default printer credentials, and was able to compromise the organization’s domain via four different attack paths.

Following the assessment, CISA drew attention to four high-severity issues and one medium-severity issue that need addressing: the weak passwords, a web server template that did not restrict authenticated users’ permissions, the use of unnecessary network services, a service account with elevated privileges, and systems that lacked SMB signing enforcement.

The agency also draws attention to the reuse of passwords across administrator and user accounts, the lack of timely patches, the use of outdated software, weak authentication measures, credentials stored in plaintext, insecure file shares, and other high- and medium-severity issues that could allow attackers to fully compromise an organization’s environment.

As part of its assessment report, CISA also provides a series of mitigation recommendations and urges HPH sector and other critical infrastructure entities to review and apply them to mitigate the identified issues. The agency also recommends a set of strategies that HPH organizations can implement to mitigate cyber threats.

Related: CISA, HHS Release Cybersecurity Healthcare Toolkit

Related: CISA Offering Free Cybersecurity Services to Non-Federal Entities

Related: CISA IDs Vulnerabilities, Misconfigurations Hit by Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
