Most Common Connected Devices That Pose Risk to Hospitals
Study: Unpatched Nurse Call Systems, Printers and IP Cameras Top the List
Globally, hospitals are expected to deploy over 7 million medical devices by 2026 — or more than 3,850 devices per hospital, according to a study conducted last year by research firm Juniper Research.
Many IoT device makers and users have lagged in updating these products to patch vulnerabilities, said Scott Singer, managing director of the University of Minnesota’s Center for Medical Device Cybersecurity.
A study of connected medical devices with the greatest number of unpatched critical vulnerabilities suggests nurse call systems may be among the riskiest devices in hospitals. 39% of call systems had unpatched vulnerabilities.
27% of infusion pumps show unpatched vulnerabilities with severity ratings of critical. Additionally, roughly 1/3 of medication dispensing systems run on unsupported Windows operating systems.
The security of connected devices that play a role in healthcare is often overlooked. The FDA has made it clear it expects manufacturers to make cybersecurity a higher priority, but connected devices haven’t garnered the same sense of urgency.
The unseen ‘silent cyber’ Operational Technology (OT) devices, such as HVAC, door access, refrigerators, power systems, etc., also factor into security. A cyber issue related to remote monitoring and control of those devices can take patient care offline. These devices are often forgotten due to their complexity and involvement in ICS/SCADA (Industrial Control Systems) controls that are hard to understand and never touched until there is an issue.
As more and more healthcare devices and systems are connected, the risk of a cyber incident affecting things and causing cascading problems throughout a hospital becomes increasingly relevant. When focusing on cyber-security, it’s important to widen your scope to look at everything that’s accessible, and therefore vulnerable, to create a thorough plan.
If you have questions about IT security and the changing threat landscape, call ITPAC today.