Wednesday, July 3, 2019

Over Half of Medical Devices Operate Utilizing Systems that will Soon be Insecure


Healthcare systems are incredibly technology dependent.  Now, as we are moving more and more into IoT (Internet of Things) with tons of connected devices,  that dependency is growing exponentially.

However, a problem lurks in all of this tech in the healthcare sphere and that problem is security.  A recent evaluation from Forescout shows how vulnerable the current state of healthcare truly is.  Forescout uses Device Cloud "a repository of host and network information for more than 8 million devices. For this study, researchers limited Device Cloud analysis to 75 healthcare deployments with over 1.5 million devices”.  This has allowed the company to get a pretty good overall feel of what is happening in the industry.

What they found is that the healthcare sector is utilizing a huge number of devices that either operate on old, insecure legacy software or do not have adequate security to protect from unwanted attacks.

For the medical networks examined, they determined
The most common devices on medical networks are still traditional computing devices (53 percent) followed by IoT devices (39 percent), including VoIP phones, network printers, tablets and smart TVs. OT systems, including medical devices, critical care systems, building automation systems, facilities, utilities and physical security, comprise eight percent of the devices on medical networks.
Within the OT device category, the three most common connected medical devices found were patient tracking and identification systems (38 percent), infusion pumps (32 percent) and patient monitors (12 percent). Considering the growing number of vulnerabilities in OT environments, we can see an increase in the attack surface in healthcare environments.

The potential security issues arise when you consider that 71% of the Windows devices are currently using some version that Microsoft is planning to no longer support as of January 14, 2020.  When they are no longer supported, those systems will no longer be receiving security updates to patch them from vulnerabilities.  Obviously it would be impossible to update all of those systems to a current operating system.  Many healthcare systems would cease to function properly if their OS were updated.

That leaves a bit of a security mess.  With attacks in the healthcare sector increasing at an almost exponential rate, keeping systems secure is critical.  For all the info on the Forescout analysis, click here.

No comments:

Post a Comment