A high-severity vulnerability in several cardiac healthcare devices could allow attackers to access privileged accounts without a password and take control of the devices.
The authentication bypass flaw in certain Hillrom products is present when the devices are configured to use single sign-on (SSO). In that mode, the username of any Active Directory (AD) account provisioned within the application can be entered manually, and access is granted without the associated password.
Successful exploitation of this vulnerability could allow an attacker to access privileged accounts. The vulnerability (tracked as CVE-2021-43935) has been assigned a CVSS score of 8.1 out of 10.
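To make the bug class concrete, the following is an added, constructed model of the flaw described above, not Hillrom's code: when SSO is switched on, the vulnerable login trusts a typed AD username as if the identity provider had already authenticated it, while the hardened version only grants SSO access on a verified assertion and otherwise still checks the password. The account list, the shared IdP key and the HMAC-based assertion are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed directory of provisioned AD accounts: username -> (role, password hash)
AD_ACCOUNTS = {
    "clinician": ("user", hashlib.sha256(b"correct horse").hexdigest()),
    "admin": ("privileged", hashlib.sha256(b"battery staple").hexdigest()),
}
# Constructed shared secret standing in for the identity provider's signing key
IDP_KEY = b"constructed-idp-shared-secret"


def _password_ok(username, password):
    stored = AD_ACCOUNTS[username][1]
    return hmac.compare_digest(stored, hashlib.sha256(password.encode()).hexdigest())


def issue_sso_assertion(subject):
    """Stand-in for the identity provider: it signs the subject it authenticated."""
    tag = hmac.new(IDP_KEY, subject.encode(), hashlib.sha256).hexdigest()
    return {"subject": subject, "tag": tag}


def _assertion_ok(assertion):
    expected = hmac.new(IDP_KEY, assertion["subject"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["tag"])


def login_vulnerable(username, password=None, sso_enabled=True):
    """Flawed pattern: with SSO on, any provisioned username typed by the
    user is accepted as authenticated, so the password is never checked."""
    if username not in AD_ACCOUNTS:
        return None
    if sso_enabled:
        return AD_ACCOUNTS[username][0]  # identity comes from user input only
    if password is not None and _password_ok(username, password):
        return AD_ACCOUNTS[username][0]
    return None


def login_hardened(username, password=None, sso_assertion=None, sso_enabled=True):
    """SSO grants access only when a verified assertion names this account;
    a typed username without an assertion must still pass the password check."""
    if username not in AD_ACCOUNTS:
        return None
    if sso_enabled and sso_assertion is not None:
        if _assertion_ok(sso_assertion) and sso_assertion["subject"] == username:
            return AD_ACCOUNTS[username][0]
        return None  # forged or mismatched assertion: deny, do not fall back
    if password is not None and _password_ok(username, password):
        return AD_ACCOUNTS[username][0]
    return None
```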
The following Hillrom cardiology products, when configured to use SSO, are affected:
- Welch Allyn Q-Stress Cardiac Stress Testing System: Versions 6.0.0 through 6.3.1
- Welch Allyn X-Scribe Cardiac Stress Testing System: Versions 5.01 through 6.3.1
- Welch Allyn Diagnostic Cardiology Suite: Version 2.1.0
- Welch Allyn Vision Express: Versions 6.1.0 through 6.4.0
- Welch Allyn H-Scribe Holter Analysis System: Versions 5.01 through 6.4.0
- Welch Allyn R-Scribe Resting ECG System: Versions 5.01 through 7.0.0
- Welch Allyn Connex Cardio: Versions 1.0.0 through 1.1.1
Hillrom plans to address the issue in its next release, so the vulnerability currently remains unpatched. To mitigate the risk, Hillrom recommends disabling the SSO feature in the respective Modality Manager Configuration settings. Hillrom also recommends workarounds such as applying proper network and physical security controls and requiring authentication for server access.
The US Cybersecurity & Infrastructure Security Agency (CISA) also gave recommendations for protecting systems, including minimizing network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet, and using secure methods for remote access, such as VPNs. However, CISA warned that such products are “only as secure as connected devices”.
While healthcare was already rapidly digitizing before the onset of COVID-19, the pandemic accelerated the process even more. The result is that today's healthcare network is so distributed, heterogeneous and complex that it can no longer be protected by enforcing policies at the perimeter alone. The best option for securing these networks is therefore a layered, device-centric approach with built-in Zero Trust policies that help prevent breaches and contain the scope of any that do occur.