
Pen Testing is Not Enough – Red Team Assessments in Healthcare

By Dahvid Schloss + Steve Snider + Jake Murphy + Evan Hosinski
Posted on Mar 14 / 2023

As healthcare organizations become increasingly reliant on technology and data to provide quality care, they must also be aware of the potential threats and vulnerabilities that come with the use of such technology.

The healthcare industry has traditionally lagged behind the current security standards and practices of the larger technology market, but since 2020 and the massive increase in cybercrime, this is starting to change.

It’s encouraging to see so many healthcare organizations become more accustomed to performing penetration tests, but unfortunately, penetration tests by themselves are still not enough to ensure that the entire threat landscape is secure.

It’s time to perform an assessment that does.

An Overview of Red Teaming vs. Pen Testing

A red team assessment is a type of security assessment in which an outside team of security professionals attempts to break into an organization's system or infrastructure.

Red team assessments are a form of offensive security testing with a comprehensive approach. Unlike a traditional pentest, a red team assessment takes a holistic view of a company’s assets to map its attack surface. By using Open-Source Intelligence (OSINT), social engineering tactics, and phishing campaigns, red team assessments recursively build upon the information discovered before conducting a calculated attack on the perimeter.

After a successful breach, a red team assessment aims to simulate a real-world attack and identify vulnerabilities in the overall security program that a threat actor could exploit to access sensitive data or systems. This often means a slower, more methodical approach with deeper network analysis and reconnaissance.

The goal of this approach is to obtain as much information as possible before potential detection. Red team assessments typically involve a combination of manual testing, automated testing, and social engineering techniques to assess the system’s security and may include physical security elements. By simulating a real-world attack, a red team assessment gives healthcare companies a better understanding of their security posture and helps them identify potential risks and weaknesses.

Additionally, these attacks allow an organization to assess its employees and their response to potential threats and suspicious activity. This simulation also helps assess the organization’s ability to respond to threats and vulnerabilities in real time, fine-tune alerts, and develop an action plan to mitigate the overall damage done after detection.

The Importance of Red Team Assessments in Healthcare

This type of assessment is invaluable in healthcare organizations, since these companies are responsible for handling very sensitive medical data and must ensure that their systems are secure.

In the last decade, numerous healthcare organizations have become the target of malicious threat actors. In 2017, the British National Health Service (NHS) was targeted with WannaCry ransomware and was brought to a standstill for several days, preventing time-sensitive operations such as patient surgeries and appointments. Their staff was even forced to revert to pen and paper following the incident.

In more recent news, CommonSpirit Health (the second largest health system in the United States) was the victim of a cyber-attack resulting in over half a million patient records being exposed. These records exposed patient data containing full names, addresses, phone numbers, birth dates, and more.

Healthcare organizations are not just valid targets for criminal hackers – they are excellent targets. They house a treasure trove of sensitive user data, which can be sold on the dark web or to other black-market groups. Healthcare organizations are also notoriously vulnerable due to the use of outdated systems and traditionally light forms of encryption/security.

Identifying your security gaps through a red team assessment can help mitigate security issues that may be taken advantage of by threat actors. For example, threat actors that take advantage of vulnerabilities within your network can exfiltrate sensitive patient data in a data breach or launch ransomware within your network.

Level Up Your Security with a Red Team Assessment

Hospitals and healthcare organizations need to create a culture of prioritizing security.

You can start by asking important questions like:

Do employees question strangers?

Are systems patched and updated regularly?

Do your users lock their systems when not in use?

Is patient data properly encrypted?

This will help you begin to map out your level of susceptibility to attack. However, the true level of an organization’s vulnerability to threat actors cannot be fully known until a proper red team engagement is conducted.

Ultimately, red team assessments provide healthcare organizations with a comprehensive view of their holistic security posture and help them identify and address any potential risks or vulnerabilities in their systems, processes, procedures, and plans. In addition, these assessments can help you identify and address potential risks that could otherwise go unnoticed.

And since threats are always evolving, regular red team assessments provide a real-time overview of your security posture and its effectiveness against real-world attacks. By conducting regular red team assessments, healthcare organizations can holistically level up the security of their networks, systems, brick-and-mortar establishments, and security programs, which can minimize the risk of a data breach or other security-related incident.
