A survey by healthcare cybersecurity company Cynerio had found that 53% of connected medical
and other IoT devices in hospitals have a known critical vulnerability.
If attacked, these will impact patient safety, service availability or data confidentiality, either directly or as part of an attack's collateral damage. A third of bedside healthcare IoT devices, the devices closest to patient care that patients most depend on for optimal health outcomes, have an identified critical risk.
Almost 80% of healthcare IoT devices get used monthly or more frequently, giving them little downtime for hospital security teams to analyze them for risks and attacks, apply the latest patches, and carry out segmentation to protect the devices on the network.
The most common IoMT and IoT device risks are connected to default passwords and settings that attackers can often obtain easily from manuals posted online.
Medical devices running versions of Windows older than Windows 10 only make up a small part of a typical hospital’s healthcare IoT infrastructure, but they account for the majority of devices used by pharmacology, oncology, and laboratory devices, and make up a plurality of devices used by radiology, neurology, and surgery departments. This leaves patients connected to those devices vulnerable, since those older versions of Windows are already past end of life and replacing the machines they run on will still take several years in most cases.
image: shutterstock/Zapp2Photo