According to a new report, the FBI has identified an increasing number of vulnerabilities posed by unpatched medical devices that run on outdated software and devices that lack adequate security features. Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity. Medical device vulnerabilities predominantly stem from device hardware design and device software management. Routine challenges include the use of standardised configurations, specialized configurations, including a substantial number of managed devices on the network, lack of device embedded security features, and the inability to upgrade those features.
This comes after Proofpoint and Ponemon conducted research that found ransomware attacks are delaying procedures and tests, resulting in poor patient outcomes and increased complications from medical procedures. Eighty-nine percent of healthcare organisations surveyed have experienced an average of 43 attacks in the past 12 months — almost one attack per week — the report finds. The most common consequences of attacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of respondent healthcare providers and increased complications from medical procedures for nearly half.