Protecting Healthcare: Driving Vulnerability Remediation via Manual Testing

Healthcare organizations operate in complex environments with expansive attack surfaces, interconnected systems, and legacy infrastructure, making them prime targets for cybercriminals. These environments support critical functions such as patient care, medical devices, and administrative operations, creating inherent risks that are challenging to mitigate. Legacy systems, deeply integrated into hospital workflows, pose additional difficulties as updates or replacements can risk disruptions to patient care—vulnerabilities cybercriminals are quick to exploit.

RealTime Cyber partnered with a large Tier 1 hospital to conduct a robust penetration testing engagement. This project aimed to uncover vulnerabilities, evaluate the hospital’s cybersecurity defenses including detection and response, and provide actionable recommendations to mitigate risks.

Methodologies

The penetration tests followed structured methodologies:

• Application Testing: Leveraged our favorite tools as well as manual analysis to identify SQL injection, cross-site scripting (XSS), and business logic flaws. Privilege escalation scenarios and file upload vulnerabilities were tested to ensure the application adhered to security best practices.
• External Testing: Combined automated tools like Nmap with manual techniques to uncover misconfigurations, weak SSL/TLS settings, and exploitable vulnerabilities in exposed services.
• Wireless Testing: Identified SSIDs, captured WPA2 handshakes for offline analysis, and tested network resilience against advanced attacks like Evil Twin and deauthentication attacks.‍
• Social Engineering: Conducted stealth campaigns emulating advanced persistent threat (APT) tactics using CEO voice cloning and spoofed vendor emails to craft convincing phishing attacks, paired with cloned login portals for credential harvesting.

Outcome

RealTime Cyber's assessment of a leading Tier 1 children’s hospital benchmarked its security posture against industry standards. The evaluation highlighted strong incident detection and response capabilities, resilience to advanced social engineering attempts, and secure wireless network configurations. While vulnerabilities allowing potential network access and privilege escalation were identified, the organization demonstrated rapid detection and mitigation, minimizing potential impacts on sensitive data and critical systems.

• A remote code execution flaw allowed unauthorized access to internal systems linked to Active Directory. We were then able to move laterally and escalate privilege.
• Outdated dependencies that left systems vulnerable.
• Insecure policies increased susceptibility to email spoofing
• Spear-Phishing susceptibility highlighted.