In our paper, we analyze the attack surface of German hospitals and healthcare providers in 2020, during the COVID-19 pandemic. The analysis examined the publicly visible attack surface using a Distributed Cyber Recon System, distributed Internet scanning, Big Data methods, and 1,483 GB of scan data from more than 89 different global Internet scans. For the 1,555 identified German clinical entities, a security posture analysis was conducted by examining more than 13,000 service banners for version identification and subsequent CVE-based vulnerability identification. Primary analysis shows that 32 percent of the analyzed services were determined to be vulnerable to various degrees and that 36 percent of all hospitals showed numerous vulnerabilities. The resulting vulnerability statistics were further mapped against organization size and hospital bed count.