Allison Murray, Staff Writer
Allison Murray is a writer based in Chicago
on January 20, 2022
| Topic: Ransomware
More than half of the connected medical devices in hospitals pose security threats due to critical vulnerabilities that could potentially compromise patient care.
The report warns that if these medical devices were to be accessed by hackers, it would impact service availability, data confidentiality, and even patient safety.
“Healthcare is a top target for cyberattacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care,” said Daniel Brodie, the CTO, and co-founder, Cynerio, in a statement. “Hospitals and health systems don’t need more data — they need advanced solutions that mitigate risks and empower them to fight back against cyberattacks, and as medical device security providers, it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death.”
Out of all the medical devices, the report found that infusion (IV) pumps are the most common device with some type of vulnerability at 73%, especially since they make up 38% of a hospital’s IoT. If attackers were to hack into an IV pump, it would directly affect the patients since the pumps are connected.
Some of the causes of these vulnerabilities result from relatively simple things, such as outdated programs. For example, the report found that most medical IoT devices were running older Windows versions, specifically, older than Windows 10. In addition, default passwords that are the same throughout an organization are common risks, especially since these weak default credentials secure about 21% of devices.
Healthcare security: IT pros warn of vulnerable HVAC systems, imaging machines, check-in kiosks and more
Healthcare has become the number one target for cybercriminals in recent years, primarily due to outdated systems and not enough cybersecurity protocols. More than 93% of healthcare organizations experienced some type of data breach between 2016-2019.
Just last month, Maryland’s Department of Health experienced a ransomware attack that affected the department for weeks. The attack left the department scrambling since it could not release COVID-19 case rates amid the Omicron surge, and the number of COVID-19 deaths were not reported in the state for almost all of December.
Cynerio notes that the solution to mitigating these vulnerabilities to reduce ransomware attacks is network segmentation. By dividing up a hospital’s network, more than 90% of critical risks in medical devices would be addressed.
Microsoft: New browser feature is ‘huge step forward’ against zero-day threats
How tech is a weapon in modern domestic abuse — and how to protect yourself
Linux malware is on the rise. Here are three top threats right now
The best antivirus software and apps: Keep your PC, phone, and tablet safe