Nurse call systems and infusion pumps have been found to be the most risky connected medical devices, suggests a new report from asset visibility and security firm Armis.
Based on tracking more than 3 billion Internet of Things (IoT) and medical devices in clinical settings, the research document identifies all nurse call systems (i.e., how patients call to alert caregivers when they need assistance). devices) are of critical severity, indicating that they have not been patched. Common Vulnerabilities and Exposures (CVE). Nearly half of them (48%) have unpatched CVEs.
For more information on healthcare vulnerabilities, see #HowTo: Protect Your Healthcare Provider Data.
The numbers for infusion pumps are slightly lower. An infusion pump is a medical device used by healthcare professionals to deliver fluids, such as nutrients and medications, into a patient’s body in a controlled manner. According to Armis, 27% of them are critical severity with his CVE unpatched and 30% are unpatched CVEs.
The third spot has a dedicated dispensing system used to organize, prepare, prescribe, and deliver prescriptions to patients. About 4% have unpatched critical severity in his CVEs, but for unpatched CVEs the number is much higher (86%). Additionally, 32% of them run on unsupported Windows versions.
The unsupported software issue extends to other devices as well. Armis reports that 19% of all connected medical devices are running unsupported versions of the OS.
Additionally, the company found that IP cameras were the highest-risk IoT devices in clinical settings, with more than half of them having unpatched critical CVEs (56%) and unpatched CVEs (59%). Observed.
Printers are the second highest risk IoT device in clinical settings, with 37% having unpatched CVEs and 30% having unpatched CVEs of Critical severity.
VoIP was third on the IoT list, with more than half (53%) having unpatched CVEs. Interestingly, only 2% of them have his unpatched CVE of Critical severity.
“These numbers are a strong indicator of the challenges facing healthcare organizations worldwide. Advances in technology are essential, but with the rise of connected healthcare comes a greater attack surface,” commented Mohammad Waqas, Principal Solutions Architect for Healthcare at Armis.
“Securing all kinds of connected devices, medical, IoT and even building management systems with full visibility and continuous contextual monitoring is a key factor in ensuring patient safety. ”
The Armis report comes weeks after Microsoft observed an actor KillNet targeting healthcare applications hosted using Microsoft Azure infrastructure.
