Help Net Security writes that security threats related to IoT and related devices within healthcare environments have remained sorely under-addressed, despite increased investments in healthcare cybersecurity. Data shows that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability.
Additionally, a third of bedside healthcare IoT devices – which patients most depend on for optimal health outcomes – have an identified critical risk. If attacked, these vulnerabilities could impact service availability, data confidentiality, or patient safety – with potentially life-threatening consequences for patient care.
- IV pumps are the most common healthcare IoT device and possess a lion’s share of risk: IV pumps make up 38% of a hospital’s typical healthcare IoT footprint and 73% of those have a vulnerability that could jeopardize patient safety, data confidentiality, or service availability if it were to be exploited by an adversary.
- Healthcare IoT running outdated Windows versions dominate devices in critical care sectors: Devices running versions older than Windows 10 account for the majority of devices used by pharmacology, oncology, and laboratory devices, and make up a plurality of devices used by radiology, neurology, and surgery departments, leaving patients connected to these devices vulnerable.
- Default passwords remain a common risk: The most common IoMT and IoT device risks are connected to default passwords and settings that attackers can often obtain easily from manuals posted online, with 21% of devices secured by weak or default credentials.
- Network segmentation can reduce critical IoMT and IoT risk: Network segmentation can address over 90 percent of the critical risks presented by connected medical devices in hospitals and is the most effective way to mitigate most risks presented by connected devices.
<p>The healthcare industry is often viewed as the weak link and are therefore targeted in specific attacks. They can also get caught up in other attacks in collateral damage due to insufficient protection which urgently requires attention. IoT devices are slower to being brought up to speed with little or no in-built protection which can cause problems elsewhere in the network. For example, when default passwords are continually used, they remain a huge risk to any organisation. Although much of the patching and updating is largely free of charge, the answer usually still comes down to financing the solution. However, this is difficult when large funding is a luxury and choosing the best of what is available is often the case.</p>