• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

HIMSS23: Internet of things creates new ways to hack into medical computer networks


Cybersecurity firm analyzes what devices are most vulnerable.

medical computer © Suriyo - stock.adobe.com

© Suriyo - stock.adobe.com

Physicians, watch out – your clinician colleagues may have work stations open to hacking attacks.

Nurse call systems are the riskiest devices open to malicious computer activity in hospitals and clinical environments, according to a study by cybersecurity consultant Armis. Cameras, printers, and voice over internet protocol (VoIP) devices also rank among internet-of-things (IoT) devices vulnerable to attack.

“These numbers are a strong indicator of the challenges faced by healthcare organizations globally Mohammad Waqas, principal solutions architect for healthcare, said in a statement. The company released its findings in conjunction with its presentation at HIMSS23 in Chicago.

“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” Waqas said. “Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualized monitoring is a key element to ensuring patient safety.”

Connecting devices to supply patient data to electronic medical records will help improve patient care, but more devices could create more security vulnerabilities. By 2026, smart hospitals are expected to engage more than 7 million devices on the internet of medical things, according to Armis.

Tracking vulnerabilities

Armis examined data from connected devices and found:

  • 39% of nurse call systems have critical severity unpatched common vulnerabilities and exposures (CVEs), and 48% have unpatched CVEs.
  • 27% of infusion pumps have critical severity CVEs, and 30% have unpatched CVEs
  • 4% of medication dispensing systems have critical severity CVEs, but 86% have other unpatched CVEs and 32% run on unsupported versions of Windows.
  • 19% of connected medical devices run on unsupported operating systems.

For other devices used in medical environments, cameras fare worst, with 56% having critical severity CVEs and 59% having unpatched CVEs. Printers rank second with 37% having unpatched CVEs and 30% with CVEs of critical severity. Among VoIP devices, 53% have unpatched CVEs, but only 2% of those are of critical severity, according to Armis.

The data come from more than 3 billion connected medical and IoT devices in Armis’ Asset Intelligence and Security Platform. The California-based company provides cyber asset management, risk management, and automated enforcement for Forune 100 companies around the world.

Related Videos
Kyle Zebley headshot
Kyle Zebley headshot
Kyle Zebley headshot