Thousands of critical medical systems – including Magnetic Resonance Imaging machines and nuclear medicine devices – that are vulnerable to attack have been found exposed online. Security researchers Scott Erven and Mark Collao found, for one example, a “very large” unnamed US healthcare organization exposing more than 68,000 medical systems. Tim Erlin, director of security and product management at Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire :
“The Internet of Things is already here, and some of its denizens are already in critical condition.
Embedded devices are nothing new, and the expansion of Internet connectivity has turned networked embedded devices, from energy to healthcare, into internetworked embedded devices. As the forward end of the industry works to bring the ‘things’ to the Internet, the Internet has already been brought to the ‘things’ that were out there.
With embedded devices, it’s often not as simple as applying the latest updates. When those devices interact directly with a human being in a therapeutic task, it’s even more complicated to make changes. This isn’t a challenge that’s likely to go away. It’s likely to get worse, and make headlines, when someone hacks a medical device to make a point.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.