The dollars spent in that effort are small compared to the financial and operational pain the organization will experience if those vulnerable devices are breached. Those organizations would benefit from engaging a company specializing in IoT security like Cynerio to help identify their specific issues and assist with mitigation.
Many healthcare organizations don’t have the resources or personnel to keep systems up to date and might not know if there’s an update or alert concerning one of their devices. Devices often come with default administrative passwords (like Daemon or Admin) and settings that remain unchanged and are accessible in device manuals that attackers can easily find online.
So, what’s necessary to reduce the risk? – Cynerio’s report notes that most of the vulnerabilities in medical devices are easily fixable: they’re due to weak or default passwords or a recall notice that the organization hasn’t acted on. Most malware and ransomware are designed to attack Windows devices and will more easily threaten devices running on that operating system. And for those devices that run on the Windows operating system, most are running on older versions of Windows, which is a problem. Image Credit: CynerioĪs you can see in the graphic above, nearly 50% of medical devices run on Linux, an open-source platform renowned for its stability and possibilities for customization. There is no way for those solutions to address the wide variety of operating systems that power devices created by different manufacturers for different medical purposes. In terms of security, this makes solutions like Endpoint Detection and Response (EDR) agents almost impossible to deploy. The major challenge associated with these devices is that unlike the IT world, where Microsoft Windows dominates the desktop, healthcare IoT is all over the map. Those types of devices were in the top 10 list in terms of numbers of vulnerabilities. Other common internet-connected devices are patient monitors, which can track things like heart rate and breathing rate, and ultrasounds. Someone could theoretically access those systems and change the dosage of a medication, for example. Experts worry that hacks into devices like these, which are directly connected to patients, could be used to hurt or threaten to hurt people directly.
Infusion pumps were also the devices most likely to have vulnerabilities that hackers could exploit, and the report found - 73 percent had a vulnerability. The most common type of internet-connected device in hospitals was an infusion pump. The report analyzed data from over 10 million devices at over 300 hospitals and health care facilities globally, which the company collected through connectors attached to the devices as part of its security platform. But an area that hasn’t received much attention is the risks, threats, and security issues related to IoT and related devices within healthcare environments.Īn excellent new report published by healthcare cybersecurity company Cynerio reveals that over half of internet-connected devices used in hospitals have a vulnerability that could put patient safety, confidential data, or the usability of a device at risk. I’ve written on the topic earlier and continue to follow developments in that area. Most of the current conversations around cybersecurity in health care have centered around ransomware and its impact on health system operations and finances. “I think this is reaching a level of criticality that is getting the attention of CEOs and board rooms.”Įd Gaudet, CEO and founder, Censinet – Interview with The Verge Image Credit:
0 kommentar(er)
