Protecting patients by securing medical devices and the Internet of Medical Things (IoMT)

Read Time:2 Minute, 11 Second

This blog was written by an independent guest blogger.

It’s an unfortunate truth that healthcare remains a top target of hackers/ransomware. A recent research report from Cynerio found that 53% of connected medical devices have a known critical vulnerability, and a third of bedside healthcare devices – which patients most depend on for optimal health outcomes – have an identified critical risk. The threat is not only the device being rendered inoperable or corrupted; these devices are connected to the hospital LAN, and a security gap at the bedside becomes an open door into the hospital network. Once inside the network, a hacker can capture sensitive patient data and bring hospital operations to a halt. As it takes an average of 287 days to uncover a breach, the result can be devastating. Hospital and healthcare providers are in weak position— yield to hackers or risk patient lives.

Some of the other notable healthcare IoT vulnerabilities highlighted by the Cynerio report include:

IV pumps – The most common Healthcare IoT device and possess a lion’s share of risk: IV pumps make up 38% of a hospital’s typical healthcare IoT footprint and 73% of those have a vulnerability that could jeopardize patient safety, data confidentiality, or service availability if it were to be exploited by an adversary.
Healthcare IoT running outdated Windows versions dominate devices in critical care Sectors: Devices running versions older than Windows 10 account for the majority of devices used by pharmacology, oncology, and laboratory devices, and make up a plurality of devices used by radiology, neurology, and surgery departments, leaving patients connected to these devices vulnerable.

Default passwords remain a common risk: The most common IoMT and IoT device risks are connected to default passwords and settings that attackers can often obtain easily from manuals posted online, with 21% of devices secured by weak or default credentials.

AT&T’s cybersecurity experts offer unique solutions to mitigate risk, secure the network and prevent costly hacks and breaches. We empower healthcare organizations to stay compliant and proactively manage every connection on their own terms with real-time IoT attack detection and response and rapid risk reduction tools, so that they can focus on healthcare’s top priority: delivering quality patient care. Watch an on-demand demo presentation from AT&T partner Ivanti to learn more about how to secure healthcare IoT effectively against the rising tide of ransomware and breaches targeting hospitals. Your AT&T Cybersecurity representative can assist with a limited-time no-charge Risk Assessment, and will be available at ViVE March 6-9 and HIMSS March 14-17.

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

CISA Urges Encrypted Messaging After Salt Typhoon Hack

Ransomware Attackers Target Industries with Low Downtime Tolerance

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

US Organizations Still Using Kaspersky Products Despite Ban