A large proportion of medical equipment is prone to hacking and data theft due to running on dated operating systems that do not receive security updates, new research has found.
According Palo Alto’s Unit 42 security division, 83% of such devices run on obsolete operating systems and nearly 41% of attacks exploit existing vulnerabilities in the devices.
An increasing amount of attackers now target patient identities, corporate data, and even try to get monetary profits through cyber-attacks like ransomware.
- Over a billion medical images leaked online
- Growing threat to medical devices will help drive cybersecurity market to $143 billion
- Medical data of millions of Americans available online
Medical data security
The research examined over 1.2 million IoT devices across thousands of locations in the United States reveal that over 57% of these devices are vulnerable to risk ranging between medium to high severity. It also mentioned that 98% of web traffic on IoT devices is unencrypted which can pose a serious threat of exposing personal and confidential information to attackers.
Since most imaging devices used in hospitals and other medical institutions have a long life cycle, they are the most vulnerable to cyber-attacks, the report found.
In most cases these devices are not supported or maintained by the software vendors or the IT staff, Palo Alto added, with a massive 56% of devices were found to be running on Windows 7, which has reached the end of its life cycle, are an open invitation to the attackers.
The report states that “We found that, while the vulnerability of IoT devices makes them easy targets, they are most often used as a stepping stone for lateral movement to attack other systems on the network.” It further adds, “We found password-related attacks continue to be prevalent on IoT devices due to weak manufacturer-set passwords and poor password security practices.”
It also talks about an increasing awareness and rising trend of using a separate network for computers. While in 2017 only 12% of hospitals maintained separate networks for computers and devices while the number increased to 44% in 2019. This shows growing awareness around the need to keep the medical devices safe from cyber-attacks.
Among other measures, securing these old devices behind a strong firewall or continuous monitoring for unusual activity or access is important. This can ensure that the devices which play an important role are functional every time.
- Protect your devices with the best antivirus software packages
Via: Palo Alto (opens in new tab)