Which Internet-Connected Medical Devices Pose The Highest Hacking Risk?

The internet connection inherent to the majority of medical devices used day-to-day by consumers poses numerous risks in terms of data safety. In fact, a report conducted by the FBI last year revealed that just over half of digital medical devices, as well as other internet-connected devices, carry at least one unpatched critical vulnerability, that is, a flaw that can be easily exploited to the detriment of the user. The most skilled malicious actors need only that sort of inroad to gain full access and reap sensitive data at will. With the number of these devices used in smart hospitals projected to double from 2021 levels in three years, safeguards must be put in place, and something has to be done to address the presence of these critical vulnerabilities.

Asset visibility and security firm Armis also recently published the results of a study on the matter, in this instance analyzing over 3 billion data points collected from medical and IoT devices to determine which devices are the riskiest. It turns out the most susceptible devices are nurse call systems, 39% of which had unpatched critical vulnerabilities and 48% of which had other unpatched vulnerabilities. Next up were infusion pumps, 27% of which contained at least one unpatched critical flaw, and then medical dispensing systems, 4% of which held such critical flaws while an astoundingly high 86% had other unpatched vulnerabilities. Across all connected medical devices, Armis found, just shy of 20% were running on unsupported operating systems. This is unsurprising, as a decent percentage of Internet of Medical Things (IoMT) devices outlast their native operating systems’ lifespan.

“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” said Mohammad Waqas, Armis’ Principal Solutions Architect for Healthcare. “Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualized monitoring is a key element to ensuring patient safety.”