HHS OCIO HC3 TLP White Threat Brief: Abuse of Legitimate Security Tools and the HPH

The same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure.

  • Cobalt Strike
  • PowerShell
  • Mimikatz
  •  Sysinternals
  • Anydesk
  • Brute Ratel
  • References

A Few Caveats...

  • This presentation is neither an endorsement nor a criticism of the tools that are described.
    • The HHS has no position on the legitimate use of these or any other open source or vendor tools/capabilities. Each should be evaluated based on its own merits and drawbacks.
    • This is also not a condemnation of these tools nor is it a call for healthcare organizations to avoid them. They have value, as evidenced by their popularity.

Ultimately, healthcare organizations should weigh the risks and rewards of each of these tools and be aware of both the value and risk they bring with them.

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Guides/Reports
Cybersecurity and Risk Advisory Services
Standards/Guidelines
Become an AHA Preferred Cybersecurity and Risk Provider
Public
Issue Landing Page
AHA Preferred Cybersecurity & Risk Provider Program
Issue Landing Page
Support for Your Cybersecurity Program