Over 1750 Total Lots Up For Auction at Five Locations - MA 04/30, NJ Cleansweep 05/02, TX 05/03, TX 05/06, NJ 05/08

Spanish Spanish

Best practices for managing the cybersecurity risks of connected devices

by John R. Fischer, Senior Reporter | May 05, 2023
Health IT
Share
Nearly one in five connected IoMT and IoT (Internet of Things) devices in hospitals run on unsupported operating systems, putting them at greater risk for hacking.
In 2026, smart hospitals will be relying on more than 7 million IoMT (Internet of Medical Things) devices, doubling the amount they had in 2021, and putting them at greater risk for potential cyberattacks.

In a recent survey, cybersecurity firm Armis found that nearly one in five connected IoMT and IoT (Internet of Things) devices in hospitals run on unsupported operating systems, and identified devices with critical severity unpatched common vulnerabilities and exposures (CVEs) that made them the most at risk.

The key to mitigating risk is prioritizing remediation efforts based not only on the severity of vulnerability, but also the potential impact on quality of care, as well as increasing account asset visibility and cross-team collaborations, Mohammad Waqas, Armis' principal solutions architect for healthcare, told HCB News.

"Uncovering vulnerabilities is inevitable," he said. "The speed of response and remediation is where we have the most potential to minimize risk."

Putting safety first
For the survey, Armis assessed data from its own proprietary security platform, which tracks over three billion assets, and found nurse call systems to be more at risk than any other IoMT device, with 39% having critical severity unpatched CVEs and 48% having unpatched CVEs. Behind them are infusion pumps, at 27% and 30%; and medication dispensing systems, at 4% and 86%, with 32% also running on unsupported Windows versions.

Internet protocol (IP) cameras were the riskiest of all IoT devices, at 56% and 59%; followed by printers, at 30% and 37%; and VolP devices, at 2% and 53%.

The complex, interconnected nature of these devices allows hackers to potentially breach multiple systems, including those tracking patient records, and tamper with devices, posing harm to patients, or hold information for ransom.

"Identity and access management should be a top priority for any healthcare organization. This helps with HIPAA compliance requirements and makes it more difficult for adversaries to gain privileged access to sensitive data," Allie Roblee, cyber intelligence analyst at Resilience, told HCB News.

Ensuring less secure connected devices are separate from others is also important for limiting the spread of any potential breach. "Since patching is complex for these systems and sometimes not an option, they should also be considered 'untrusted' devices and limited from connecting or communicating with systems holding patient data," said Roblee.

Building transparency through collaboration
Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

advertisement

Health IT Homepage

Through Edgility acquisition ABOUT aims for end-to-end AI-driven patient flow
Bayer and Google Cloud to accelerate development of AI-powered radiology applications
GE HealthCare closes MIM Software deal
Teleradiology company and CEO admit to unlawful billing, will pay $3.1 million
How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
IONIC Health, GE HealthCare announce 510(k)-clearance of nCommand Lite System for multi-vendor, remote imaging
Field service technicians: Unsung heroes in maintaining efficiency and reducing headaches in hospital networks
HHS opens probe into role Change Healthcare may have played in cyberattack
Philips and AWS unveil pathology cloud data storing initiative at HIMSS
PE firm Frazier HealthCare Partners acquires RevSpring from GTCR