Majority of healthcare devices will be vulnerable to cyberattack

As healthcare operators continually rely on medical devices in workflows, unsupported devices are likely to become more vulnerable to cyberattacks, according to a report from medical device and internet of things company Forescout.

The findings underscore that as medical devices can do more and become more prevalent, the risk of cyberattacks also grow.

Healthcare operators these days are utilizing a number of different devices on medical networks, though more than half are still traditional computing devices, while nearly 40% are IoT devices, such as network printers, tablets, and smart TVs.

Of devices that run Windows, 71% will see their software expire in 2020, opening up the risk of cyberattacks, according to Forescout.

“Running unsupported operating systems poses a risk that may expose vulnerabilities and has the potential to impact regulatory compliance,” the report reads.

Furthermore, the vast majority––85%––of medical devices running Windows OS had a protocol called Server Block Messaging turned on, “allowing uncontrolled access for attackers to get beyond the perimeter and move laterally,” the report reads. This network port may have been left on by default by the device manufacturer and never corrected by security IT staff at a healthcare facility.

The report comes at a time when cyberattacks on health information continue to grow. A survey conducted in 2018 found that 1 in 3 healthcare organizations had experienced a cyberattack in the last year.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”