Cynerio, an organization focused on the security of medical IoT devices, has published a new report on the current state of medical security. According to Cynerio, healthcare devices are the primary targets for cybercriminals, which also puts patients’ health at risk.
IV pumps carry the most risk
The organization also stated that 53% of the healthcare-related devices that are connected to the internet in some way have critical vulnerabilities. 73% of IV pumps have vulnerabilities that attackers might exploit, threatening patients’ lives. Those devices make up 38% of hospitals’ healthcare IoT footprint.
Another important issue is devices that run on Windows. Pharmacology, oncology, and laboratory devices often use old Windows versions and do not get updated, and the lack of updates results in security risks. The report also mentions the default passwords of IoT devices. Default passwords can generally be found with a simple search and abused by attackers. Cynerio states that 21% of devices are secured by very weak or default passwords.

The organization suggests network segmentation to address those critical problems. According to Cynerio, network segmentation can fix or mitigate 90% of the critical risks that threaten medical devices and patients.
Daniel Brodie, CTO and co-founder of Cynerio, said:
« Healthcare is a top target for cyberattacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices hospitals rely on for patient care. Visibility and risk identification are no longer enough. Hospitals and health systems don’t need more data – they need advanced solutions that mitigate risks and empower them to fight back against cyberattacks, and as medical device security providers it’s time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death. »