Healthcare IoT Security Blog

CISA Alert: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

CISA issued an alert (AA21-229A) on August 17, 2021, stating that BlackBerry has publicly disclosed that its QNX Real-Time Operating System (RTOS) is affected by a BadAlloc vulnerability. As of today, there are no known devices directly impacted by the BadAlloc vulnerability but the situtation remains fluid.

Cynerio
Aug 19, 2021

Threat Intel: PwnedPiper Pneumatic Tube System Zero-Day

PwnedPiper allows attackers to manipulate the control panel that underpins Translogic pneumatic tube systems’ functionality without having to authenticate to the network. This would allow attackers a chance to execute code remotely and launch denial-of-service attacks.

Cynerio
Aug 4, 2021

Cynerio, A Leading Provider of Healthcare IoT Cybersecurity Solutions, Launches Global Channel Partner Program

Led by infosec industry veteran Joel Silberman, partner program to engage MSPs, VARs, MSSPs at the forefront of helping hospitals and healthcare systems ensure patient safety, data confidentiality, and operational continuity

Cynerio
Jul 27, 2021

Threat Intel: ICS Medical Advisory: ZOLL Defibrillator Dashboards

CISA released ICS Medical Advisory (ICSMA-21-161-01) on June 10, 2021, detailing six newly discovered vulnerabilities in ZOLL Defibrillator Dashboards. The vulnerabilities have a CVSS v3 base score of 9.9. These vulnerabilities are remotely executable and are of low attack complexity.

Cynerio
Jun 11, 2021

White Paper: Outdated Vendor Firmware as a Driver for Adopting Zero Trust Security in Healthcare

Devices running outdated vendor firmware may represent an even bigger threat to connected medical and IoT devices than outdated operating systems (OS).

Cynerio
Jun 9, 2021

White Paper: Ransomware as a Driver for Adopting Zero Trust Security in Healthcare

In healthcare, there are myriad reasons to implement a Zero Trust security architecture, but our research has shown that Zero Trust is the only way the industry's three most prominent threats can be effectively mitigated in the short and long term.

Cynerio
May 27, 2021

Cynerio Raises $30 Million in Series B Funding to Secure Mission-Critical Medical and IoT Devices in Hospitals and Health Systems

Funds will expand Cynerio's US presence, with North American HQ in New York City, as well as its international market reach, and power the development of its advanced healthcare IoT cybersecurity and asset management platform

Cynerio
May 19, 2021

White Paper: Understanding the Basics of Zero Trust

Securing healthcare organizations and connected medical and IoT devices is full of unique challenges, but research shows that a Zero Trust infrastructure is the safest and fastest way to tackle them.

Cynerio
May 12, 2021

New Research: Outdated Vendor Firmware and Unsecured Services Leave Healthcare Environments Highly Vulnerable to Cyber Attack

Cynerio researchers studied hundreds of threats driving healthcare organizations to consider adopting a Zero Trust approach after concluding that the three most common threats to healthcare organizations today are ransomware, outdated vendor firmware, and unsecured services.

Cynerio
Apr 26, 2021

Threat Intel: NAME:WRECK TCP/IP Vulnerabilities Exposed

Dubbed NAME:WRECK, this new set of vulnerabilities can be added to a growing list of TCP/IP stack vulnerabilities that includes Ripple20, AMNESIA:33, and others.

Cynerio
Apr 14, 2021

Unpacking Ryuk Ransomware’s Threat to Healthcare

Ryuk ransomware can prevent healthcare professionals from accessing patient records and continues to disrupt critical and life-saving treatments.

Cynerio
Mar 17, 2021

Threat Intel: Philips Interventional Workstation Vulnerability Exposed

CISA released ICS Medical Advisory (ICSMA-21-019-01) on January 19, 2021, detailing a newly discovered vulnerability in Philips Interventional Workstation products with a CVSS v3 base score of 6.5.

Cynerio
Jan 20, 2021

Threat Intel: DNSpooq--7 New dnsmasq Vulnerabilities Discovered

JSOF disclosed DNSpooq, a new group of vulnerabilities (CVE-2020-25681-7) with a CVSS v3 base score of 8.1, on January 19, 2021. The new vulnerabilities, found in dnsmasq can result in cache poisoning and buffer overflows.

Cynerio
Jan 20, 2021

Threat Intel: ICS Medical Advisory: GE CARESCAPE CV150 Patient Monitors

An ICS Medical Advisory (ICSMA-21-007-01) with a CVSS v3 base score of 5.3 was issued on two improper neutralization vulnerabilities found in GE CARESCAPE patient monitors.

Cynerio
Jan 8, 2021

SolarWinds Breach: What Healthcare Organizations Need to Know

The biggest and most sophisticated cyber attack in history affects every major industry, from government to healthcare, and has prompted CISA to urge federal agencies to shut down all systems running SolarWinds products immediately.

Cynerio
Dec 23, 2020

A Peek into Our Webinar: Applying Zero Trust Security to Sensitive Healthcare IoT Environments

Here’s a sneak peek into Cynerio’s webinar with Carahsoft on how hospitals and other healthcare organizations can safely apply the Zero Trust framework to their networks to protect themselves from every kind of threat, from device-level vulnerabilities to targeted ransomware attacks.

Cynerio
Dec 21, 2020

Threat Intel: New Critical Treck TCP/IP Stack Vulnerabilities Discovered

CISA released an advisory (ICSA-20-353-01) on December 18, 2020 regarding four new vulnerabilities found in the Treck TCP/IP stack with a combined CVSS v3 base score of 9.8.

Cynerio
Dec 18, 2020

AMNESIA:33 Vulnerabilities Affect Millions of IoT Devices

The disclosure of 33 vulnerabilities, collectively dubbed AMNESIA:33, found across four open source TCP/IP stacks yesterday affects multiple Healthcare IoT products provided by various vendors.

Cynerio
Dec 10, 2020

Threat Intel: Critical CVEs Found in GE Imaging and Ultrasound Products

CISA released ICS Medical Advisory (ICSMA-20-343-01) on December 8, 2020 citing two major vulnerabilities discovered in a slew of GE radiology products.

Cynerio
Dec 9, 2020

Alert: Medical Device Vendors Update Advisories on Products Affected by the Windows Bad Neighbor Vulnerability

Following the Microsoft advisory issued on October 13, 2020 regarding the Bad Neighbor vulnerability, BD, Philips, and Carestream have released information on affected devices.

Cynerio
Dec 8, 2020

Threat Intelligence: BD Alaris Network Sessions Vulnerability

On Thursday, November 12, 2020, BD voluntarily alerted the US Department of Homeland Security and the FDA of a network session vulnerability with a CVSS score of 6.5 affecting specific versions of two BD Alaris products.

Cynerio
Nov 12, 2020

Threat Intelligence: BD Releases Advisory on Microsoft’s Zerologon Vulnerability

BD posted an advisory on November 6, 2020 regarding the Microsoft Netlogon elevation of privilege vulnerability (CVE-2020-1472), more widely known as Zerologon.

Cynerio
Nov 8, 2020

Threat Intelligence: B. Braun Device Vulnerabilities

CISA released two ICS Medical Advisories (ICSMA-20-296-01 and ICSMA-20-296-02) on October 22, 2020. The vulnerabilities enable remote exploitation, allowing threat actors to escalate privileges, access ePHI, and upload malicious data packets, compromising the devices’ security.

Cynerio
Oct 22, 2020

Threat Intelligence: Bad Neighbor

Microsoft announced a critical vulnerability (CVE-2020-16898) on October 13, 2020 with a CVSS score of 9.8. The vulnerability is located within an ICMPv6 Neighbor Discovery “Protocol”, and uses the Router Advertisement type in the Windows IPv6 stack.

Cynerio
Oct 14, 2020

Healthcare IoT Attack Surface Expands with Windows Embedded Standard 7 EOL

With the retirement of Microsoft's Windows Embedded Standard 7 operating system, Cynerio offers healthcare facilities a complimentary risk assessment until October 31, in support of CISA’s National Cyber Awareness Month.

Cynerio
Oct 7, 2020

Ransomware vs. Healthcare: Why Cybersecurity Is Patient Security

In the first half of 2020, cyber attacks against healthcare surged by 300%. In particular, ransomware attacks, jumped by 109% across the US, and that's after healthcare providers had already suffered a 350% increase in ransomware attacks in the last quarter of 2019.

Cynerio
Sep 30, 2020

Containing Healthcare Costs in the New COVID Reality

Today's healthcare industry is not the one we knew at the beginning of 2020. New and complex challenges have arisen with the advent of the COVID pandemic, starting with the suspension of nonessential procedures, which constitute healthcare organization's primary revenue source.

Leon Lerman
Sep 24, 2020

Rise in Cyber Attacks on Healthcare Institutions Increases Patient Mortality

Earlier this month, a ransomware attack against Duesseldorf University Hospital directly led to the death of a patient when the hospital was forced to reroute emergency patients to another facility 20 miles away.

Cynerio
Sep 22, 2020

Threat Intelligence: IntelliVue Vulnerabilities

The ICS-CERT issued a new advisory (ICSMA-20-233-01) on September 10, 2020. This is a set of vulnerabilities with a combined CVSS v3 base score of 6.8 that can be exploited remotely.

Cynerio
Sep 11, 2020

Cynerio Wins Gold in the 15th Annual 2020 IT World Awards®

Cynerio announced today that Network Products Guide, the industry’s leading technology research and advisory guide, has named Cynerio a Gold winner in the category of Best Technology: To Combat and Reduce the Impact of COVID-19 in the 15th Annual 2020 Network PG’s IT World Awards®.

Cynerio
Aug 31, 2020

Threat Intelligence: Advisory Issued for Philips SureSigns VS4 Devices

Philips SureSigns VS4 patient monitors, versions A.07.107 and older are at risk. These devices monitor patients’ vital signs.

Cynerio
Aug 23, 2020

White Paper: 5 Reasons Network Segmentation Is Difficult for Hospitals

Healthcare organizations have become hackers' favorite targets. Over 93% of healthcare organizations have reported a cyber incident and healthcare stands as the most targeted industry, accounting for 4 out of 5 breaches.

Cynerio
Aug 5, 2020

Threat Intelligence: NSA & CISA Recommendations for Reducing OT and CS Threat Exposure

CISA and the NSA issued an alert (AA20-205A) on July 26, 2020 regarding the increased threat of cyber attacks on critical infrastructure through connected Operational Technologies (OT) and Control Systems (CS) vulnerabilities.

Cynerio
Jul 27, 2020

White Paper: How Network Segmentation Protects Your Patients

The best way to protect any network is by segmenting it. Unsegmented networks present hostile parties with a large attack surface that can be difficult to manage and protect.

Cynerio
Jul 2, 2020

BD Issues Recall on Alaris Systems Hardware

BD issued a recall on a number of Alaris model infusion pumps for hardware defects and malfunctions that can disrupt the devices’ operation on June 30, 2020. The manufacturer issued an addendum to the original recall on August 20.

Cynerio - updated September 3
Jul 1, 2020

Threat Intelligence: Ripple20 Puts Healthcare IoT at Particular Risk

The Ripple20 threat (CVE-2020-11896/CVE-2020-11898), a series of 19 critical vulnerabilities, impacts millions of connected devices and puts healthcare organizations at particular risk.

Cynerio
Jun 17, 2020

Cynerio Named a Leader in Connected Medical Device Security Evaluation by Independent Research Firm

Cynerio today announced that they were named a leader and received among the highest scores in the current offering and strategy categories in “The Forrester New Wave™: Connected Medical Device Security, Q2 2020,”

Cynerio
Jun 15, 2020

Undocumented Default Passwords Discovered on IoMT Devices Provide a Backdoor into Clinical Networks

New threat intelligence research by Cynerio has revealed that certain passwords are repeatedly used across hospitals in different health systems, in every clinical setting, and across all departments and device types—providing a backdoor into otherwise secure clinical networks.

Cynerio
Jun 11, 2020

Cynerio Podcast: COVID, Telemedicine & the Internet of Targets

In a recent podcast, Cynerio spoke with Dr. John Halamka, emergency medicine physician and president of the Mayo Clinic Platform to talk about the post-COVID "New Normal" and how we can expect the healthcare industry to evolve from here.

Cynerio
Jun 8, 2020

Cynerio Honored as Silver Stevie Award Winner in 2020 American Business Awards

Cynerio, a leading provider of Internet of Medical Things (IoMT) security solutions today announced they were named the winner of the Silver Stevie® Award in the Healthcare Technology Solution category in the 18th Annual American Business Awards® today.

Cynerio
May 20, 2020

Cynerio Keeps It Cool

Cynerio was just named a Gartner Cool Vendor, making it the only medical-first IoT security platform to hold the title. Granting this award to a platform focused on safeguarding medical technologies only goes to show how critical the nascent Internet of Medical Things (IoMT) cybersecurity industry is.

Cynerio
May 7, 2020

A Peek Into Our Webinar: 3 Ways You Haven’t Thought of for Using Automation in Healthcare

Take a peek into Cynerio's webinar with HealthITSecurity for a practical overview of 3 use cases demonstrating how hospitals can leverage emerging healthcare automation technologies to secure IoMT devices, safeguard patients, and ensure business continuity.

Cynerio
May 7, 2020

Part 2: Coronavirus’s Impact on Healthcare IT: Supporting Real-Time Needs of Hospitals in Crisis

Just like the best way to limit the spread of disease among people is to practice social distancing, the best way to protect your medical devices is to separate, or segment them, from each other. Think of healthcare network segmentation as social distancing for medical devices.

Leon Lerman
Apr 27, 2020

Cynerio Named a Cool Vendor by Gartner in Cyber-Physical Systems Security Report

IoMT cybersecurity tailor-made for healthcare organizations protects patient safety with deep knowledge of clinical communications

Cynerio
Apr 27, 2020

MDS2 Forms: Unpacking the Gold Standard Guideline of Medical Device Security

After a long and grueling procurement process, your hospital finally receives a new supply of ventilators. Along with the devices, the vendor also sends along bundles of booklets: troubleshooting manuals, warranty information, and every Biomed and Clinical Engineer's favorite go-to doc: the device's MDS2 form.

Cynerio
Apr 2, 2020

A Peek Into Our Webinar: Medical Device Security Lifecycle Management

To help shed some light on medical device security lifecycles and to help adapt to unforeseeable changes in the healthcare industry, Cynerio partnered with the Biomed/CE publication, TechNation, and led a webinar on the essential ins and outs of managing the medical device security lifecycle. Here’s a quick peek at the highlights.

Cynerio
Mar 31, 2020

Part 1: Coronavirus’s Impact on Healthcare IT: Supporting Real-Time Needs of Hospitals in Crisis

The influx of patients caused by today’s COVID-19 Coronavirus pandemic is crippling health systems worldwide and placing unprecedented strain on vulnerable hospital IT networks.

Leon Lerman
Mar 19, 2020

Cynerio Introduces Virtual Segmentation to Healthcare IoT Cybersecurity

Medical-first virtual segmentation cuts healthcare IoT security project times from more than a year to weeks and provides confidence in continuous medical services.

Cynerio
Feb 17, 2020

Is Your Hospital Prepared for Windows 7 End of Life?

Data breaches in the healthcare sector cost the US $4 billion in 2019. When Microsoft ended support for Windows XP in 2014, the healthcare sector suffered the most.

Cynerio
Feb 5, 2020

Cynerio Offers Hospitals Free Cyber Risk Assessment as Windows 7 Hits End of Life

Millions of connected medical devices will be placed at greater risk of cyber attack when Microsoft discontinues support for Windows 7 on January 14.

Cynerio
Jan 14, 2020

Advizex Partners with Cynerio to Deliver IoMT Cybersecurity Solutions to North American Healthcare Organizations

New York, NY - November 13, 2019 – Advizex and Cynerio today announced the partnership to deliver IoMT Cyber security solutions throughout North America.

Cynerio
Nov 13, 2019

Cynerio honored as Gold winner in the 11th Annual 2019 Golden Bridge Awards® in the Medical Information Security Category

Today we announced that our IoMT cybersecurity solution has been selected as a Gold winner in the 11th Annual 2019 Golden Bridge Awards in the Medical Information Security Category.

Cynerio
Sep 29, 2019

URGENT/11 TCP/IP Stack Vulnerabilities

URGENT/11 is a group of 11 zero-day vulnerabilities found in the VxWorks TCP/IP stack (IPnet) are remotely executable and affect millions of medical and IoT devices.

Cynerio
Aug 1, 2019

Healthcare Cybersecurity has its own award category At last!

Today we announced that our IoMT cybersecurity solution has been selected as the winner of the Healthcare Analytics Innovation Award from MedTech Breakthrough...

Cynerio
Jun 11, 2019

Cynerio Secures $7 Million Seed Round Funding to Drive US Market Development

New York, January 9, 2019 – Cynerio today announced the completion of its $7 million funding round to fuel growth....

Cynerio
Jun 11, 2019

Medical device risk mitigation is perhaps the most pressing issue for healthcare CIOs

Hackers see hospitals as treasure troves; they hold our most sensitive data, including medical records, financial information...

John Halamka
Oct 16, 2018

Cynerio Welcomes Dr. John Halamka as Advisor

Harvard’s International Healthcare Innovation Professor & Chief information Officer at Beth Israel Deaconess Medical Center Joins Cynerio in an Advisory Capacity

Cynerio
Oct 15, 2018

Cisco and Cynerio partner to improve medical device security

Healthcare organizations face new cybersecurity challenges as the rising number of cyber-attacks impact services and put patient safety at risk.

Cynerio Research
Sep 19, 2018

A deeper dive into healthcare hacking and medical record fraud

The number of patient medical record breaches reported due to hacking or unauthorized access events has been climbing over the past years...

Cynerio Research
Jul 18, 2018

Healthcare Hacking Trends on the Dark Web

One of the many troubling trends in dark web black markets is the buying and selling of PHI – protected health information...

Cynerio Research
Jun 11, 2018

Medical device vulnerabilities

A series of 23 worrisome vulnerabilities in popular GE medical devices has recently been listed in an advisory by ICS-CERT – the US government...

Leon Lerman
Apr 17, 2018

Cynerio delivers innovative medical device protection

Rambam Health Care Campus commonly known as Rambam Hospital, is piloting Cynerio’s cutting edge cybersecurity technology...

Leon Lerman
Mar 22, 2018

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability

HomeAboutCareersContact Us
Privacy Policy
© Copyrights Cynerio 2021