Majority of healthcare devices will be vulnerable to cyberattack

As healthcare operators continually rely on medical devices in workflows, unsupported devices are likely to become more vulnerable to cyberattacks, according to a report from medical device and internet of things company Forescout.

The findings underscore that as medical devices can do more and become more prevalent, the risk of cyberattacks also grow.

Healthcare operators these days are utilizing a number of different devices on medical networks, though more than half are still traditional computing devices, while nearly 40% are IoT devices, such as network printers, tablets, and smart TVs.

Of devices that run Windows, 71% will see their software expire in 2020, opening up the risk of cyberattacks, according to Forescout.

“Running unsupported operating systems poses a risk that may expose vulnerabilities and has the potential to impact regulatory compliance,” the report reads.

Furthermore, the vast majority––85%––of medical devices running Windows OS had a protocol called Server Block Messaging turned on, “allowing uncontrolled access for attackers to get beyond the perimeter and move laterally,” the report reads. This network port may have been left on by default by the device manufacturer and never corrected by security IT staff at a healthcare facility.

The report comes at a time when cyberattacks on health information continue to grow. A survey conducted in 2018 found that 1 in 3 healthcare organizations had experienced a cyberattack in the last year.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."
 

With generative AI coming into its own, AI regulators must avoid relying too much on principles of risk management—and not enough on those of uncertainty management.

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more. 

Trimed Popup
Trimed Popup