Best practices for managing the cybersecurity risks of connected devices
por
John R. Fischer, Senior Reporter | May 05, 2023
Health IT
Nearly one in five connected IoMT and IoT (Internet of Things) devices in hospitals run on unsupported operating systems, putting them at greater risk for hacking.
In 2026, smart hospitals will be relying on more than 7 million IoMT (Internet of Medical Things) devices, doubling the amount they had in 2021, and putting them at greater risk for potential cyberattacks.
In a recent survey, cybersecurity firm Armis found that nearly one in five connected IoMT and IoT (Internet of Things) devices in hospitals run on unsupported operating systems, and identified devices with critical severity unpatched common vulnerabilities and exposures (CVEs) that made them the most at risk.
The key to mitigating risk is prioritizing remediation efforts based not only on the severity of vulnerability, but also the potential impact on quality of care, as well as increasing account asset visibility and cross-team collaborations, Mohammad Waqas, Armis' principal solutions architect for healthcare, told HCB News.
"Uncovering vulnerabilities is inevitable," he said. "The speed of response and remediation is where we have the most potential to minimize risk."
Putting safety first
For the survey, Armis assessed data from its own proprietary security platform, which tracks over three billion assets, and found nurse call systems to be more at risk than any other IoMT device, with 39% having critical severity unpatched CVEs and 48% having unpatched CVEs. Behind them are infusion pumps, at 27% and 30%; and medication dispensing systems, at 4% and 86%, with 32% also running on unsupported Windows versions.
Internet protocol (IP) cameras were the riskiest of all IoT devices, at 56% and 59%; followed by printers, at 30% and 37%; and VolP devices, at 2% and 53%.
The complex, interconnected nature of these devices allows hackers to potentially breach multiple systems, including those tracking patient records, and tamper with devices, posing harm to patients, or hold information for ransom.
"Identity and access management should be a top priority for any healthcare organization. This helps with HIPAA compliance requirements and makes it more difficult for adversaries to gain privileged access to sensitive data," Allie Roblee, cyber intelligence analyst at Resilience, told HCB News.
Ensuring less secure connected devices are separate from others is also important for limiting the spread of any potential breach. "Since patching is complex for these systems and sometimes not an option, they should also be considered 'untrusted' devices and limited from connecting or communicating with systems holding patient data," said Roblee.
Building transparency through collaboration
|
|
You Must Be Logged In To Post A Comment
|