TLS/SSL Management Issues Increase Healthcare Ransomware Risk

TLS/SSL Management

Recent BitSight research shows that 76% of healthcare organizations may be at increased risk of ransomware attacks due to poor TLS/SSL configuration management.

TLS/SSL certificate and configuration management presents a considerable challenge. That’s because a typical healthcare organization may have hundreds or thousands of TLS/SSL certificates identifying specific Internet-connected devices. Plus, many lack an organization-wide framework for discovering, cataloging, and managing TLS/SSL configurations. Instead, management is conducted on an ad hoc basis, usually at a departmental level.

This is problematic, as expired certificates and poor configurations can result in system outages and increased access points for bad actors. The most notorious healthcare security incident related to TLS/SSL protocols, the Community Health Systems Inc. breach, occurred back in 2014. However, threats associated with poor TLS/SSL management persist today. 

Article Link: TLS/SSL Management Issues Increase Healthcare Ransomware Risk