Microsoft's AI Health Bot required patching for privilege vulnerability
Microsoft disclosed a new vulnerability in, and patched, Azure Health Bot, a managed artificial intelligence-enabled cloud platform that healthcare organizations use to develop virtual healthcare assistants. Researchers explained how they were able to gain access and the quick fix that was needed.
WHY IT MATTERS
The HIPAA-compliant Health Bot platform combines medical data with natural language capabilities to understand clinical terminology for use in clinical care, Microsoft said on its website.
Healthcare organizations can use the Health Bot to create customized virtual assistants for clinical staff.
On August 13, Microsoft assigned CVE-2024-38098 to the elevation-of-privilege vulnerability, which it categorized as improper link resolution before file access. In the report, Microsoft said the vulnerability had not been disclosed or exploited, and was unlikely to be.
Tenable researchers obtained an access token for management.azure.com that enabled them to list the subscriptions they had access to via the application programming interface, which provided them with a subscription ID internal to Microsoft, Infosecurity Magazine said on Wednesday.
The researchers contacted Microsoft on June 17 and fixes were introduced into affected environments by July 2, according to the story, which indicated that the vulnerability was fixed by rejecting redirect status codes for data connection endpoints.
On the company's blog Tuesday, Tenable researchers said they discovered multiple privilege-escalation issues in Azure Health Bot through a server-side request forgery. That allowed researchers access to cross-tenant resources.
Tenable said its researchers were interested in data connections that allow bots to interact with external data sources to retrieve information from other services that the provider may be using – "such as a portal for patient information or a reference database for general medical information."
"Based on the level of access granted, it’s likely that lateral movement to other resources would have been possible," the researchers said.
They said they also discovered another endpoint, used to validate data connections to Fast Healthcare Interoperability Resources endpoints, that was "more or less vulnerable to the same attack." However, the FHIR endpoint vector could not be used to influence requests or gain access.
Six of the nine zero-day vulnerabilities in Microsoft's August report had also been exploited.
THE LARGER TREND
The U.S. Department of Health and Human Services requires FHIR APIs in all certified electronic health record systems – which can be accessed by Azure Health Bot – under its Health IT Certification Program rules.
Since FHIR is a framework, discovered vulnerabilities are typically traced to how data and app developers implement it. The FHIR standard is widely embraced as part of the future of healthcare interoperability.
In June, the Office of the National Coordinator for Healthcare Technology and the Health Resources and Services Administration said HRSA began using FHIR-based APIs to streamline reporting processes and enhance data quality and had been receiving live data reporting from its Uniform Data System since April.
"The [United States Core Data for Interoperability, a standardized set of health data classes and elements] and Bulk FHIR were designed to provide the digital glue for a learning healthcare system and fully computable accountability for the performance of these providers in a modern big data way," Don Rucker, former ONC chief and chief strategy officer at 1UpHealth, told Healthcare IT News at the time of the agencies' announcement.
ON THE RECORD
"This data connection feature is designed to allow the service’s backend to make requests to third-party APIs," Tenable researchers said in the blog post.
"While testing these data connections to see if endpoints internal to the service could be interacted with, Tenable researchers discovered that many common endpoints, such as Azure’s Internal Metadata Service, were appropriately filtered or inaccessible. Upon closer inspection, however, it was discovered that issuing redirect responses (e.g. 301/302 status codes) allowed these mitigations to be bypassed."
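The bypass the researchers describe, and the fix Microsoft applied (rejecting redirect status codes on data-connection endpoints), can be illustrated with an added example that is not code from Tenable, Microsoft or the Health Bot service. It uses a constructed in-memory stand-in for an HTTP client, so it runs offline; the hostnames and the internal-address check are assumptions for illustration.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlparse

# Constructed stand-in for an HTTP client: URL -> (status, headers, body).
# The 302 entry models a third-party endpoint that answers with a redirect
# pointing at an internal metadata service (hypothetical hostnames).
FAKE_RESPONSES = {
    "https://partner.example/fhir": (302, {"Location": "http://169.254.169.254/metadata"}, b""),
    "http://169.254.169.254/metadata": (200, {}, b"INTERNAL-METADATA"),
    "https://partner.example/ok": (200, {}, b"PATIENT-DATA"),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def is_internal(url: str) -> bool:
    """Destination filter: refuse loopback, private and link-local addresses.
    Note: this checks the literal host only; DNS resolution is out of scope here."""
    host = urlparse(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost"
    return ip.is_private or ip.is_link_local or ip.is_loopback


def fetch_vulnerable(url: str) -> Optional[bytes]:
    """Filters only the initial URL, then follows redirects without re-checking.
    Returns None when the initial URL is blocked."""
    if is_internal(url):
        return None
    status, headers, body = FAKE_RESPONSES[url]
    while status in REDIRECT_CODES:            # the bypass: Location is never filtered
        status, headers, body = FAKE_RESPONSES[headers["Location"]]
    return body


def fetch_hardened(url: str) -> Optional[bytes]:
    """The fix described above: any redirect status is treated as a failure.
    Returns None when the request is blocked or a redirect is received."""
    if is_internal(url):
        return None
    status, headers, body = FAKE_RESPONSES[url]
    if status in REDIRECT_CODES:
        return None                             # never follow; log for detection
    return body
```

Refusing redirects is the minimal fix; a defence in depth would additionally re-run the destination filter on every hop if redirects ever had to be followed.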
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.