惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
P
Privacy & Cybersecurity Law Blog
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Project Zero
Project Zero
S
Security @ Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
A
Arctic Wolf
Webroot Blog
Webroot Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Security Latest
Security Latest
H
Heimdal Security Blog
N
News and Events Feed by Topic
N
News | PayPal Newsroom
T
Tor Project blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
GbyAI
GbyAI
The Last Watchdog
The Last Watchdog
Y
Y Combinator Blog
宝玉的分享
宝玉的分享
Scott Helme
Scott Helme
A
About on SuperTechFans
M
MIT News - Artificial intelligence
V
V2EX
V
Visual Studio Blog
Recorded Future
Recorded Future
博客园 - 叶小钗
F
Fortinet All Blogs
L
Lohrmann on Cybersecurity
The GitHub Blog
The GitHub Blog
博客园 - Franky
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Secure Thoughts
D
DataBreaches.Net
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 三生石上(FineUI控件)
I
InfoQ
SecWiki News
SecWiki News
Blog — PlanetScale
Blog — PlanetScale
Engineering at Meta
Engineering at Meta
J
Java Code Geeks
B
Blog RSS Feed
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
V
Vulnerabilities – Threatpost
H
Help Net Security

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Pitt Season 3 Already Premiered in 400 Hospital Server Rooms This Year
Grumpy Sage · 2026-05-15 · via DEV Community

A 180-bed regional hospital in the Midwest lost its EMR at 2:14 a.m. on a Tuesday. The night-shift charge nurse noticed first — the Cerner terminal froze, came back to a lock screen she didn't recognize, then went black. By 2:40, the entire fourth floor was on paper. By 3:15, the ED was running on whiteboards and memory. Nurses were walking lab results between floors because the pneumatic tube system's controller had also gone down — it ran on the same network segment.

The CIO told me later that the part that shook him wasn't the ransomware demand. It was watching his team revert to procedures none of them had practiced since nursing school. He said it felt like watching an episode of Pitt, except the cameras weren't rolling and nobody was going to yell cut.

He wasn't being dramatic. If you've watched Pitt — the Max series set in a Pittsburgh trauma center — you've seen what happens when a hospital's digital infrastructure disappears. Systems go dark. Staff improvise. Patient data lives on sticky notes and shouted vitals. The show treats it as a dramatic set piece. For 389 U.S. hospitals hit by ransomware in 2025 alone, it was a Tuesday.

I keep coming back to this gap between fiction and operations. The entertainment industry has figured out that hospital cyberattacks make great television because the stakes are life and death and the failure mode is visceral — humans scrambling without the tools they've been trained to rely on. What the entertainment industry hasn't figured out, and what most healthcare security vendors haven't either, is that the attack surface making this possible is not the EMR. It's the building.

The systems that fail first and recover last in a healthcare cyberattack are not the clinical applications. They're the operational technology: HVAC controllers, pneumatic tube systems, nurse call stations, infusion pump networks, building management systems, medical gas monitors. These are the systems that turn a ransomware event from a billing disruption into a patient safety crisis. And almost nobody is scanning them.

The building is the attack surface

I spent a week last year walking the basements of three hospitals — two mid-size, one rural critical-access — documenting every networked device that wasn't a workstation or a printer. The list was longer than anyone expected.

Building management systems running BACnet on flat networks with no segmentation. Pneumatic tube controllers on Windows Embedded that hadn't seen a patch since 2019. HVAC units with default credentials accessible from the same VLAN as the nursing stations. Nurse call systems whose firmware update process required a vendor visit that nobody had scheduled in four years. Medical gas monitoring panels with Modbus/TCP interfaces that responded to unauthenticated queries from any device on the subnet.

None of these showed up in any of the three hospitals' IT asset inventories. The IT teams knew about servers, workstations, network gear. The facilities teams knew about the physical plant. Nobody owned the gap between them, and that gap was running on protocols designed in the 1990s for environments where the threat model was "the serial cable might get unplugged."

This is what I mean when I say the building is the attack surface. A ransomware operator who lands on a hospital network and finds BACnet devices responding to unauthenticated read/write requests doesn't just have leverage for a ransom. They have the ability to alter HVAC setpoints in surgical suites, disable nurse call systems, disrupt pneumatic tube routing, and interfere with medical gas monitoring — all without touching a single clinical application. The EMR can stay up and running. The hospital still can't safely operate.

In the Pitt pilot, the chaos starts with monitors going dark. In the real incidents I've reviewed, the chaos starts with the infrastructure nobody thought of as "cyber."

AI made the attacker faster than your patch cycle

The asymmetry in healthcare cybersecurity has always been stark. Attackers move fast; hospitals move slow. But AI has made this gap qualitatively different, not just wider.

I've been tracking the evolution of healthcare-targeting ransomware groups for two years now. The shift started in late 2024 and accelerated through 2025. What changed wasn't the malware itself — it was the reconnaissance. Groups are using LLM-assisted tooling to automate the exact kind of OT discovery I described doing manually in those hospital basements. Automated BACnet enumeration. Automated Modbus device fingerprinting. Automated identification of which building-management protocols are exposed and what default credentials they ship with.

A human operator doing this manually against a single hospital takes days. An AI-assisted pipeline does it against dozens of targets concurrently, triaging which hospitals have the most exposed OT infrastructure and therefore the most operational leverage for a ransom demand. The attacker doesn't need to understand HVAC control systems. The LLM reads the protocol documentation and generates the probe sequences.

This should worry every healthcare CISO, regardless of institution size. The economics of targeting have changed. It used to be that a 50-bed rural hospital wasn't worth the effort compared to a 500-bed academic medical center. When reconnaissance is automated and nearly free, every hospital with an internet-facing IP range is a candidate. The attacker's AI doesn't care about your bed count. It cares about your exposed BACnet port.

The 2025 numbers bear this out. Of those 389 ransomware incidents in U.S. hospitals, 41% were at facilities with fewer than 100 beds. The long tail of small and mid-size hospitals — the ones least likely to have dedicated security staff — is now the primary target pool. The Pitt scenario isn't reserved for large urban trauma centers with dramatic storylines. It's playing out in critical-access hospitals where the nearest backup facility is forty miles away and the IT department is one person who also manages the phone system.

Compliance frameworks know this but compliance alone doesn't fix it

HIPAA's Security Rule has required technical safeguards since 2005. The problem was never the requirement — it was the gap between what the regulation demands and what hospitals actually have the capability to assess.

Ask a compliance officer at a 120-bed community hospital whether they've conducted a risk assessment of their OT infrastructure. Most will tell you their risk assessment covers the EMR, the billing system, the patient portal, and the network perimeter. Maybe the medical devices if they're forward-leaning. Almost never the building management systems, the pneumatic tubes, the nurse call stations, or the HVAC controllers. Not because they don't care, but because they don't have a scanner that speaks BACnet and Modbus, and their compliance framework templates don't have a line item for "building automation system running unauthenticated protocol on clinical network."

This is where I think the industry has failed healthcare. We've built compliance tools that check boxes against the EMR and call it done. We've built vulnerability scanners that speak HTTP and SSH and call the network "scanned." Neither finds the Siemens HVAC controller with default credentials on the same subnet as the cardiac monitors.

The frameworks themselves are getting better. NIST's Healthcare Cybersecurity Framework, HHS's updated HIPAA Security Rule proposed in 2025, and the FDA's premarket cybersecurity guidance all now explicitly call out connected medical devices and operational technology. But a framework that says "assess your OT" is useless without a tool that can actually do it safely — without disrupting the devices it's scanning, without flooding fragile BACnet networks with traffic they can't handle, and without requiring a protocol expert on-site to interpret the results.

What OT scanning in healthcare actually looks like

This is the problem we built cyprobe to solve. It's a purpose-built OT and SCADA discovery and posture engine — not a network scanner with OT support bolted on as a feature checkbox. A tool that speaks the native protocols — BACnet, Modbus/TCP, EtherNet/IP, DICOM, HL7 MLLP — and understands what the responses mean in a healthcare context.

Here's what a cyprobe scan against a hospital network actually produces. First, it discovers every OT device on reachable subnets using protocol-native probes. No aggressive port scanning. No banner grabbing. It speaks BACnet Who-Is and reads the device's object list. It sends Modbus function code 43 to read device identification. It does DICOM C-ECHO to find imaging endpoints. The output is a typed inventory: device class, manufacturer, firmware version, protocol, authentication status, network segment.

Second, it assesses posture against the device's actual capabilities. Can this BACnet device be written to without authentication? Does this Modbus device respond to function codes that should be restricted? Is this DICOM endpoint accepting associations from any calling AE title? Is this HL7 interface transmitting PHI over an unencrypted channel?

Third, it maps what it finds to the compliance frameworks that matter. Each finding carries references to HIPAA Security Rule sections, NIST CSF subcategories, and the specific controls from whatever framework your compliance team is working against.

The output is not "port 47808 is open." The output is "Siemens Desigo CC building controller at 10.4.12.15 accepts unauthenticated BACnet WriteProperty requests on HVAC setpoint objects for the surgical suite air handling unit. HIPAA 164.312(a)(1) — access control. Risk: an attacker on this network segment can alter surgical suite environmental conditions without credentials."

That's the difference between a network scan and an OT assessment. One tells you a port is open. The other tells you what it means for patient safety.

Posture, not just scanning

Scanning is the beginning, not the end. What I've learned building Cybrium is that healthcare organizations — especially smaller ones — need a platform that turns scan results into a compliance posture they can act on and maintain over time.

A 50-bed critical-access hospital doesn't have a team of five security engineers to triage findings. They might have one IT person who also manages the phone system and the printer fleet. What they need is not a 200-page vulnerability report. They need a prioritized action list that says: here are the three things that will reduce your risk this week, here's exactly what to do for each one, and here's how this maps to the HIPAA requirement your auditor is going to ask about in October.

This is what the Cybrium platform does around cyprobe's scan results. Every finding feeds into a compliance posture dashboard that maps your OT, network, and application security state against HIPAA, NIST CSF, HHS CPGs, and — if you're in scope — PCI DSS and SOC 2. The dashboard is not a checklist. It's a live score that changes as your environment changes, because we run continuous assessments, not annual point-in-time audits that are stale before the PDF is delivered.

For healthcare organizations that need to demonstrate compliance to auditors, insurers, or regulators, the platform generates evidence-backed reports. Not "we believe we are compliant." Instead: here is the scan data, here are the controls it maps to, here is the residual risk, here is what we're doing about it, and here is the timeline. Auditors can drill into the underlying findings. Insurers can see the trend over quarters. Regulators get the artifact they need without the hospital spending six weeks preparing for the review.

We price healthcare at $5 per bed per month. That's deliberate. A 50-bed critical-access hospital pays $250 a month for the same platform, the same scanners, and the same compliance mapping that a 500-bed system gets. The attack surface doesn't care about your revenue. The security tooling shouldn't either.

The recomposition happening in healthcare security

What's happening in healthcare cybersecurity right now is a recomposition of the same kind that's reshaping the rest of the security industry, but with higher stakes and tighter constraints.

For twenty years, hospitals have bought point solutions: one tool for the EMR, one for the network, one for endpoints, and nothing for OT. Each tool produces its own reports, speaks its own language, and gets reviewed by a different person — if it gets reviewed at all. The result is a pile of point-in-time assessments that nobody can synthesize into a coherent picture of institutional risk.

The Pitt scenario — everything goes dark at once — happens precisely because these systems are connected in ways that no single point solution can see. The ransomware that encrypts the EMR server also encrypts the BACnet controller that happens to be on the same network segment because nobody ever segmented it, because no scanning tool ever flagged it as a risk, because no compliance framework ever asked about it specifically enough to force the question.

The recomposition is toward platforms that see all of it. OT and IT. Clinical and facilities. Network and application. Compliance and posture. Not because platforms are inherently better than point solutions — sometimes they're worse — but because in healthcare, the attack chains cross every boundary that point solutions draw, and the risk can only be assessed by something that sees across those boundaries.

That is the bet we've made with Cybrium. One platform that scans your code, your cloud, your network, your web applications, your AI infrastructure, and your operational technology. That maps every finding to the compliance frameworks your auditor cares about. That gives a 50-bed clinic the same quality of security posture visibility that a 500-bed academic medical center gets from a dedicated security team.

If you're running a hospital, a clinic, or a healthcare IT organization of any size and you want to know what your OT attack surface actually looks like — not what you hope it looks like, but what an attacker with an LLM and a free afternoon would see — find me at anand@cybrium.ai. The Pitt scenario makes great television. It makes a terrible incident report.