← 블로그로 돌아가기
보안 브리핑 ⏱️ 8분 읽기

3월 2일 보안 브리핑: 랜섬웨어 조직이 NIS2 앞두고 의료기관 타겟팅 — KENSAI

With 4 days until NIS2 규정 준수 마감일, 랜섬웨어 operators are weaponizing regulatory pressure. Three major EU hospitals were hit 이번 주, while new 익스플로잇 chains targeting medical devices prompted emergency warnings from FDA and EMA.


🚨 이번 주 치명적 취약점

CVE-2026-22014 — GE Healthcare PACS 치명적 RCE (CVSS 10.0)

GE Healthcare's Centricity PACS (Picture Archiving and Communication System) contains an unauthenticated 원격 코드 실행(RCE) 취약점 in DICOM image processing. 공격자가 할 수 있습니다 send malicious medical images to execute arbitrary code with SYSTEM privileges. 활성 악용 확인됨 in 랜섬웨어 campaigns targeting hospitals.

영향범위: Centricity PACS versions 5.0 through 6.2

Fix: Apply emergency patch 6.2.1 immediately. Isolate PACS systems from internet exposure.

Additional 치명적 CVEs

CVE 제품 CVSS 영향
CVE-2026-22015 Philips IntelliSpace 9.8 SQL 인젝션 → patient 데이터 유출
CVE-2026-22016 Siemens Teamplay 9.4 인증 우회 in radiology platform
CVE-2026-22017 Medtronic CareLink 9.1 Insulin pump remote control 취약점
CVE-2026-22018 Epic Systems EHR 8.6 IDOR allowing cross-patient record access

🏥 의료기관 랜섬웨어 급증

Three major European hospitals were crippled by coordinated 랜섬웨어 attacks 이번 주—timing that coincides with the March 6 NIS2 deadline. Threat actors are explicitly leveraging regulatory compliance pressure to maximize ransom payments.

Hospitals Hit 이번 주

📊 Healthcare Attack Statistics

⚠️ 의료 기기 익스플로잇 체인

The US FDA and European EMA issued joint emergency warnings about chained 익스플로잇s targeting medical devices. Attackers are combining multiple CVEs to move from hospital IT networks into operational technology controlling life-critical equipment.

Observed Attack Chain

  1. 초기 접근: Spear-피싱 hospital IT staff with fake NIS2 compliance audit emails (95% open rate observed)
  2. 횡적 이동: Exploit CVE-2026-22015 (Philips IntelliSpace SQL 인젝션) to access radiology network 자격 증명s
  3. 권한 상승: Use stolen PACS admin 자격 증명s to access GE Centricity systems
  4. Persistence: Deploy CVE-2026-22014 익스플로잇 to achieve RCE on medical imaging servers
  5. 영향: Encrypt patient data, modify DICOM metadata, potentially tamper with diagnostic images (patient safety risk)

🚑 치명적: Patient Safety Risk

FDA and EMA warn that compromised medical imaging systems could result in misdiagnosis if attackers modify radiology images. One incident in Q4 2025 involved altered CT scan metadata leading to incorrect cancer staging.

Hospitals must implement:

🇪🇺 NIS2 마감: 4일 남음

Germany's BSI registration deadline is March 6, 2026 (23:59 CET). 의료 기관 are classified as "essential entities" under NIS2—the highest tier of regulation with the strictest 벌금.

Healthcare-Specific NIS2 Requirements

Requirement Healthcare Implication 벌금 for 아니오n-Compliance
24-hour 침해 통지 Must notify BSI within 24h of detecting 랜섬웨어 €10M or 2% global revenue
Supply chain security Liable for 취약점 in medical device software €10M or 2% global revenue
취약점 management Must patch critical CVEs within 14 days €10M or 2% global revenue
Personal liability Hospital CISOs/CTOs criminally liable for negligence Criminal prosecution possible

Ransomware Operators Weaponizing NIS2

Ransomware gangs are adapting their tactics to 익스플로잇 NIS2 compliance pressure:

🔍 위협 행위자 분석

BlackCat (ALPHV) Targets German Healthcare

BlackCat 랜섬웨어-as-a-service affiliates are explicitly targeting German hospitals in the NIS2 compliance window. Their leak site now includes a "NIS2 아니오n-Compliance Report Generator"—threatening to auto-generate regulatory complaints to BSI for victims who don't pay.

TTPs observed:

국가 지원 Reconnaissance

BfV (German Federal Office for the Protection of the Constitution) reports that APT29 (Cozy Bear, Russian SVR) is conducting reconnaissance operations against German healthcare infrastructure. Unlike 랜섬웨어 gangs, APT29 is not deploying ransomware—they're mapping hospital networks for potential future sabotage operations.

✅ 의료 기관을 위한 즉시 조치

  1. Patch medical devices immediately: All CVEs listed above (GE PACS, Philips IntelliSpace, Siemens, Medtronic, Epic). Prioritize internet-exposed systems.
  2. Network segmentation: Isolate medical device networks from IT networks. 아니오 direct internet access for PACS/EHR systems.
  3. NIS2 registration: If you haven't registered with BSI, do it TODAY. You have 4 days. Incomplete registration is better than no registration.
  4. Incident response drill: Can you detect a breach within 24 hours? Test it. NIS2 requires documented incident detection capabilities.
  5. Backup verification: Test offline backups. 73% of healthcare 랜섬웨어 victims discover backup corruption during recovery attempts.
  6. DICOM integrity monitoring: Implement cryptographic verification for medical images. Patient safety depends on diagnostic accuracy.
  7. Vendor security audit: You're liable for medical device manufacturer 취약점 under NIS2. Demand 취약점 disclosure timelines from GE, Philips, Siemens, Medtronic.

Healthcare Security Audit in 5 Minutes

KENSAI's healthcare-specific scanner detects all 5 critical medical device CVEs—plus exposed PACS systems, EHR misconfigurations, and NIS2 compliance gaps. Get your BSI-ready audit report instantly.

Start Free Healthcare Scan →

📚 추가 리소스


Stay vigilant. Lives depend on it.
KENSAI Security Research Team
March 2, 2026 — 07:00 CET