Case Study: Patched ≠ Remediated

Healthcare Faces an Aggressive Threat Landscape

NodeZero was applied to a leading U.S. hospital and healthcare system.

The client’s IT team had already adopted many security best practices and tools.


THE THREAT

Hackers have increasingly targeted the health care industry.

In 2020, over 600 data breaches of 500 or more patient records were reported.

In a matter of minutes, NodeZero began its reconnaissance, mapping the organisation’s infrastructure and over 8,400 hosts.

NodeZero ran for 8 days with no adverse impact to the network. 31 vulnerabilities with 278 unique attack paths were identified.


THE FINDINGS

NodeZero is a fully autonomous SaaS offering that views the network from the attackers’ perspective.

Even before NodeZero completed its testing, the most significant and surprising finding was communicated to the client.

Had attackers targeted the vulnerable hosts, they could have quickly created their own credentials and gained access to every system in the organisation.

After further analysis, our client found the problem: a misconfiguration in their EDR solution had blocked patches on the domain controllers for the past 18 months.

The failures were not propagated back to the patch management system, and so were invisible to their vulnerability management and monitoring tools.



THE SOLUTION

After manually pushing patches to each domain controller, NodeZero was quickly re-run, proving that the problem had been remediated.

By using an offensive strategy to test its defenses, the healthcare system is evolving its cybersecurity posture to match the threat landscape that it faces.


The client’s IT staff improved their security profile and their internal monitoring, detection, and response skills.

According to the NIST Cybersecurity Framework, organisations should validate through systematic audit and assessment that they have fixed vulnerabilities after deploying patches.
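The gap described in this case study is a reporting gap: the patch console believed the domain controllers were patched because the failures never flowed back to it. One way to validate remediation independently, as the framework guidance above asks for, is to reconcile the console's "Installed" claims against what each host actually reports when queried directly, and to treat any host that has not checked in recently as unverified. The script below is an added example and is not NodeZero or Horizon3.ai code; the host names, KB identifiers, dates and both data sets are constructed for illustration.

```python
"""
Reconcile a patch-management console's view against per-host inventory.

Added example, not code from the case study or from NodeZero/Horizon3.ai.
All hosts, KB identifiers and dates below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str    # "phantom_patch", "no_inventory" or "stale_checkin"
    detail: str


# Constructed sample: what the patch console believes about each host.
CONSOLE_REPORT = [
    {"host": "dc01.corp.example", "kb": "KB5000001", "status": "Installed"},
    {"host": "dc01.corp.example", "kb": "KB5000002", "status": "Installed"},
    {"host": "dc02.corp.example", "kb": "KB5000001", "status": "Installed"},
    {"host": "ws17.corp.example", "kb": "KB5000001", "status": "Installed"},
    {"host": "ws17.corp.example", "kb": "KB5000002", "status": "Pending"},
]

# Constructed sample: what each host reports when asked directly
# (for example, the output of an inventory agent or Get-HotFix),
# together with the date the host last successfully checked in.
HOST_INVENTORY = {
    "dc01.corp.example": {"installed": {"KB5000001"}, "last_checkin": date(2020, 1, 15)},
    "dc02.corp.example": {"installed": set(),         "last_checkin": date(2020, 1, 15)},
    "ws17.corp.example": {"installed": {"KB5000001"}, "last_checkin": date(2021, 6, 30)},
}


def reconcile(report, inventory, today, max_age=timedelta(days=30)):
    """Return findings where the console's claims cannot be trusted."""
    findings = []
    flagged_missing = set()

    # 1. Console says "Installed" but the host itself does not have the
    #    update: a phantom patch, exactly the blind spot in the case study.
    for row in report:
        if row["status"] != "Installed":
            continue
        state = inventory.get(row["host"])
        if state is None:
            if row["host"] not in flagged_missing:
                flagged_missing.add(row["host"])
                findings.append(Finding(row["host"], "no_inventory",
                                        "host never reported an inventory"))
            continue
        if row["kb"] not in state["installed"]:
            findings.append(Finding(row["host"], "phantom_patch",
                                    f'{row["kb"]} reported Installed but absent on host'))

    # 2. A host that has not checked in within max_age cannot be called
    #    remediated regardless of what the console shows.
    for host, state in inventory.items():
        age = today - state["last_checkin"]
        if age > max_age:
            findings.append(Finding(host, "stale_checkin",
                                    f"last check-in {age.days} days ago"))
    return findings


def hosts_needing_attention(findings):
    """Sorted, de-duplicated list of hosts with at least one finding."""
    return sorted({f.host for f in findings})


if __name__ == "__main__":
    for f in reconcile(CONSOLE_REPORT, HOST_INVENTORY, date(2021, 7, 15)):
        print(f"{f.host:22} {f.kind:14} {f.detail}")
```

In this constructed data set the two domain controllers surface twice each: once because an update the console reports as installed is missing on the host, and once because their last check-in is far older than the 30-day threshold. The workstation, whose only missing update the console already shows as "Pending", produces no finding. The point of the second check is that a silent failure of the patch pipeline looks identical to a host that simply stopped reporting, so a stale check-in is itself a finding rather than a reason to fall back on the console's last known state.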


Case Study Taken from Horizon3.ai. Autonomos.AI is an authorized partner of Horizon3.AI