Huge amount of medical kit could be facing security flaws

A large proportion of medical equipment is prone to hacking and data theft due to running on dated operating systems that do not receive security updates, new research has found.

According to Palo Alto’s Unit 42 security division, 83% of such devices run on obsolete operating systems and nearly 41% of attacks exploit existing vulnerabilities in the devices.

An increasing number of attackers now target patient identities and corporate data, and even try to profit financially through cyber-attacks like ransomware.

Medical data security

The research, which examined over 1.2 million IoT devices across thousands of locations in the United States, reveals that over 57% of these devices are vulnerable to risks ranging from medium to high severity. It also mentions that 98% of web traffic on IoT devices is unencrypted, which can pose a serious threat of exposing personal and confidential information to attackers.

Since most imaging devices used in hospitals and other medical institutions have a long life cycle, they are the most vulnerable to cyber-attacks, the report found.

In most cases these devices are not supported or maintained by the software vendors or the IT staff, Palo Alto added. A massive 56% of devices were found to be running on Windows 7, which has reached the end of its life cycle, making them an open invitation to attackers.

The report states: “We found that, while the vulnerability of IoT devices makes them easy targets, they are most often used as a stepping stone for lateral movement to attack other systems on the network.” It further adds, “We found password-related attacks continue to be prevalent on IoT devices due to weak manufacturer-set passwords and poor password security practices.”

It also talks about increasing awareness and a rising trend of using a separate network for computers. While in 2017 only 12% of hospitals maintained separate networks for computers and devices, the number increased to 44% in 2019. This shows growing awareness around the need to keep medical devices safe from cyber-attacks.

Among other measures, it is important to secure these old devices behind a strong firewall or to monitor them continuously for unusual activity or access. This can ensure that the devices, which play an important role, are functional at all times.

Via: Palo Alto