According to a report, more than half of connected medical and other Internet of Things (IoT) devices in hospitals are vulnerable to cybercrimes.
These internet-connected devices could put patient safety, confidential data, or the usability of a device at risk.
The report, from the US-based healthcare cybersecurity company Cynerio, is based on an analysis of over 10 million IoT and IoMT devices collected from current Cynerio implementations at over 300 hospitals and other healthcare facilities in the US and around the world.
The report shines a light on the sorely under-addressed risks, threats, and security issues related to IoT and related devices within healthcare environments.
Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free
“With hospitals under an unprecedented amount of strain from both the pandemic and the explosion of ransomware attacks on healthcare facilities, it has never been clearer that digital safety and patient safety are intimately intertwined,” the report said.
“Protecting the devices providing the care patients depend on is ultimately about safeguarding their health, safety and well-being,” it added.
The findings showed IV pumps, which make up 38 percent of a hospital’s typical healthcare IoT footprint, are the most common healthcare IoT devices.
The report said that 73 percent of the IV pumps can jeopardize patient safety, data confidentiality, or service availability if exploited by hackers.
A third of bedside healthcare IoT devices, the devices closest to patient care that patients most depend on for optimal health outcomes, also have an identified critical risk.
Further, most healthcare IoT devices are used regularly, making them difficult to update securely.
Almost 80 percent of healthcare IoT devices get used monthly or more frequently, giving them little downtime for hospital security teams to analyze them for risks and attacks.
The report also found many healthcare IoT devices are running on outdated Windows versions — even older than Windows 10 — in critical care sectors.
“This leaves patients connected to those devices vulnerable, since those older versions of Windows are already past the end of life and replacing the machines they run on will still take several years in most cases,” the report said.