Cybersecurity firm analyzes what devices are most vulnerable.
Physicians, watch out – your clinician colleagues may have work stations open to hacking attacks.
Nurse call systems are the riskiest devices open to malicious computer activity in hospitals and clinical environments, according to a study by cybersecurity consultant Armis. Cameras, printers, and voice over internet protocol (VoIP) devices also rank among internet-of-things (IoT) devices vulnerable to attack.
“These numbers are a strong indicator of the challenges faced by healthcare organizations globally Mohammad Waqas, principal solutions architect for healthcare, said in a statement. The company released its findings in conjunction with its presentation at HIMSS23 in Chicago.
“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” Waqas said. “Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualized monitoring is a key element to ensuring patient safety.”
Connecting devices to supply patient data to electronic medical records will help improve patient care, but more devices could create more security vulnerabilities. By 2026, smart hospitals are expected to engage more than 7 million devices on the internet of medical things, according to Armis.
Armis examined data from connected devices and found:
For other devices used in medical environments, cameras fare worst, with 56% having critical severity CVEs and 59% having unpatched CVEs. Printers rank second with 37% having unpatched CVEs and 30% with CVEs of critical severity. Among VoIP devices, 53% have unpatched CVEs, but only 2% of those are of critical severity, according to Armis.
The data come from more than 3 billion connected medical and IoT devices in Armis’ Asset Intelligence and Security Platform. The California-based company provides cyber asset management, risk management, and automated enforcement for Forune 100 companies around the world.