Three-quarters of infusion pumps have security flaws that make them more vulnerable to cyberattacks. In addition, 52% are susceptible to two risks disclosed in 2019, with one ranked as critically severe and the other as highly severe.
This is what Palo Alto Networks' Unit 42, a team of security analysts that research cyberthreats, found when analyzing more than 200,000 pumps on the networks of hospitals and other healthcare organizations that use the company's IoT Security for Healthcare. One or more of some 40 known cybersecurity vulnerabilities and 70 other types of security shortcomings were in 75%.
As network-connected devices, infusion pumps act as a pathway for attackers into hospital networks, which can put the lives of patients at risk and expose sensitive data. “Our discovery of security gaps in three out of four infusion pumps that we reviewed highlights the need for the healthcare industry to redouble efforts to protect against known vulnerabilities, while diligently following best practices for infusion pumps and hospital networks," said Unit 42 in a blog post.
Among the vulnerabilities uncovered were leakage of sensitive information, overflow or incorrect access control, and security flaws in IoMT (and IoT) devices and their operating systems that use third-party cross-platform libraries such as network stacks.
Despite efforts from manufacturers, researchers and the government, several issues make infusion pumps easy targets for attackers. Many providers rely on older, legacy models that do not have adequate security measures and insufficiently use network segmentation and best practices for protecting themselves against attacks. Security training for healthcare workers is also not up to par.
Even updating pumps with security updates and features is a struggle
because the task requires locating all units of a fleet and manually implementing the change. Most pumps currently do not support wireless software and firmware updates, according to Juuso Leinonen, a senior project engineer at ECRI. "This can be particularly challenging with security updates that may merit expeditious implementation," he told HCB News in an article last year.
Additionally, large hospitals or clinics can house thousands of infusion pumps. These vast number of devices make recalls long and anxious processes for supply chain managers, clinical engineers and IT security teams. The researchers say they require more than just alerts but strategies and technology with built-in protection that can help secure these devices.
Here are a few they suggest:
- Accurate discovery and inventory – simple and organized protocols for identifying, locating and assessing the use of pumps, including mobile and rental equipment. This ensures accurate inventory that can be shared with asset management or computerized maintenance management system (CMMS) solutions, and helps with procurement planning and eliminates costly underutilization of rental equipment. A location feature is also handy for preventive maintenance and manually fixing an issue.
- Holistic risk assessment to proactively identify flaws and compliance gaps – systems collect insights from AI-based deep-risk assessments, including threat indicators (i.e., abnormal device connections); monitor CVEs and consider recalls, MDS2 data, EPHI information and vendor patching; and have a risk assessment strategy in place, including for integrating third-party vulnerability management systems.
- Apply risk reduction policies – real-time risk monitoring, reporting and alerting can proactively reduce IoMT risk. This can include consistent profiling of device activity to form zero trust policy recommendations for trusted access and segmenting infusion pumps from other IoT devices to reduce attack radius (i.e., devices should have own isolated VLANS)
- Prevent threats – Built-in prevention capabilities block known targeted IoT malware, spyware and exploits. This prevents the use of DNS for C2, stops access to bad URLs and malicious websites that leads to loss of sensitive patient data, and allows for swift responses to threats.
“To successfully implement secure clinical and device workflow management that is scalable, yet practical to maintain and enforce, the methodology should also alleviate the escalating operational burdens of securing and managing medical devices for both network security and clinical support teams," said Unit 42.