Critical device risks in hospital environments leave hospitals and patients vulnerable to cyber-attacks and data security issues.
Cyberio, in its 2022 “State of Healthcare IoT Device Security Report” found that 53% of connected medical devices and other IoT devices in hospitals have some known critical vulnerability. Additionally 1/3 of bedside healthcare IoT devices – which patients most depend on for optimal health outcomes – have an identified critical risk.
If attacked, these vulnerabilities could impact service availability, data confidentiality, or patient safety – with potentially life-threatening consequences for patient care.
IV Pumps Are the Most Common Healthcare IoT Device and Possess a Lion’s Share of Risk: IV pumps make up 38% of a hospital’s typical healthcare IoT footprint and 73% of those have a vulnerability that could jeopardize patient safety, data confidentiality, or service availability if it were to be exploited by an adversary.
Healthcare IoT Running Outdated Windows Versions Dominate Devices in Critical Care Sectors: Devices running versions older than Windows 10 account for the majority of devices used by pharmacology, oncology, and laboratory devices, and make up a plurality of devices used by radiology, neurology, and surgery departments, leaving patients connected to these devices vulnerable.
Default Passwords Remain a Common Risk: The most common IoMT and IoT device risks are connected to default passwords and settings that attackers can often obtain easily from manuals posted online, with 21% of devices secured by weak or default credentials.
Network Segmentation Can Reduce Critical IoMT and IoT Risk: Network segmentation can address over 90 percent of the critical risks presented by connected medical devices in hospitals and is the most effective way to mitigate most risks presented by connected devices.
Healthcare industry is a Top Target for Cyber Attacks
“Healthcare is a top target for cyber attacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care,” said Daniel Brodie, CTO and co-founder, Cynerio.
“Visibility and risk identification are no longer enough. Hospitals and health systems don’t need more data – they need advanced solutions that mitigate risks and empower them to fight back against cyber attacks, and as medical device security providers it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death.”
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.