HHS OCIO HC3 TLP White Threat Brief: Abuse of Legitimate Security Tools and the HPH

The same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure.

  • Cobalt Strike
  • PowerShell
  • Mimikatz
  • Sysinternals
  • Anydesk
  • Brute Ratel
  • References

A Few Caveats...

  • This presentation is neither an endorsement nor a criticism of the tools that are described.
    • The HHS has no position on the legitimate use of these or any other open-source or vendor tools/capabilities. Each should be evaluated based on its own merits and drawbacks.
    • This is also not a condemnation of these tools, nor is it a call for healthcare organizations to avoid them. They have value, as evidenced by their popularity.

Ultimately, healthcare organizations should weigh the risks and rewards of each of these tools and be aware of both the value and risk they bring with them.


For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272