After a year of unprecedented cyberattacks on several hospitals and medical centers across the globe, the health care sector has become a primary target to threat actors. In addition to exploiting patients’ data and disrupting hospital networks, cybercriminals are now targeting critical connected-medical devices deployed in hospital environments.
According to research from Cynerio – a health care IoT security platform, several medical IoT devices are prone to cyberattacks exposing hospitals and patients’ data to various cyberthreats. In its 2022 State of Healthcare IoT Device Security Report, Cynerio stated that medical IoT security has remained unaddressed despite increased healthcare cybersecurity investments. It’s found that nearly 53% of connected medical devices and other IoT devices in hospitals have known critical vulnerabilities. If compromised, these vulnerabilities could allow an attacker to perform multiple criminal activities like impacting service availability, data confidentiality, or patient safety.
Key Findings:
- IV pumps make up 38% of a hospital’s routine health care IoT footprint, and 73% of these have a vulnerability that could jeopardize patient safety, data confidentiality, or service availability if it were to be exploited by an adversary.
- Devices running versions older than Windows 10 account for most devices used by pharmacology, oncology, and laboratory devices and make up a plurality of devices used by radiology, neurology, and surgery departments, leaving patients connected to these devices vulnerable.
- The most common IoMT and IoT device risks are connected to default passwords and settings that attackers can often obtain easily from online manuals, with 21% of devices secured by weak or default credentials.
- Network segmentation can address over 90% of the critical risks presented by connected medical devices in hospitals and is the most effective way to mitigate most risks presented by connected devices.
Also Read: How Brainjacking Became a New Cybersecurity Risk in Health Care
“Health care is a top target for cyberattacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care. Visibility and risk identification is no longer enough. Hospitals and health systems don’t need more data – they need advanced solutions that mitigate risks and empower them to fight back against cyberattacks, and as medical device security providers, it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death,” said Daniel Brodie, CTO, and co-founder, Cynerio.
Medical IoT Devices and Cybersecurity
With multiple intrusions and attacks on connected medical devices, the health care providers continued to be the primary target for cybercriminals. However, the most concerning issue for the health care sector is cyberattacks on implanted medical devices. Several cybersecurity experts stated that threat actors can hijack certain connected medical devices implanted in a human’s body or brain — they are calling this Brainjacking. Read More Here…
