53% Of Medical Devices Flagged Up As Being Critically Vulnerable
Hospitals and their patients continue to be vulnerable to cyber attacks and data security issues after over a year of unprecedented ransomware attacks on hospitals and healthcare systems. Healthcare is now the #1 target for cybercriminals.
Despite increased investments in healthcare cybersecurity, Cynerio found that security challenges related to the Internet of Things (IoT) and related devices have remained unaddressed.
53% of the connected medical devices and other IoT devices in hospitals have a known critical vulnerability.
In addition, one-third of bedside healthcare IoT devices, the devices patients rely on most for optimal health outcomes, are identified as critical risks. If exploited, these vulnerabilities could put patient safety, data confidentiality, and service availability at risk, potentially leading to life-threatening consequences for the patient.
Daniel Brodie, CTO of Cynerio, had this to say: “Healthcare is a top target for cyber attacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care. Visibility and risk identification are no longer enough. Hospitals and health systems don’t need more data – they need advanced solutions that mitigate risks and empower them to fight back against cyber attacks, and as medical device security providers it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death.”
The main risks to critical medical devices prone to cyber attack are as follows:
IV Pumps: As one of the most common IoT devices used in healthcare, IV pumps make up 38% of a hospital’s typical IoT footprint. Currently, 73% of these IoT devices are vulnerable, which could compromise patient safety, data security, or service availability if they were exploited by third parties.
Older versions of Windows dominating IoT devices in the healthcare sphere:
The vast majority of devices used in pharmacology, oncology, and laboratory settings, and the majority of devices used in radiology, neurology, and surgery departments run older versions of Windows, leaving them, and by proxy connected patients, vulnerable to attack.
Default passwords continue to be a major security concern:
21% of devices are secured by default credentials, which attackers can easily obtain from online manuals, and default passwords and settings are connected to IoMT and IoT device risks.
Network segmentation could significantly reduce critical IoMT/IoT risks:
Over 90 percent of the critical risks associated with connected medical devices in hospitals can be addressed through network segmentation, which is the most effective way to address most risks caused by connected devices.