More than half of internet-connected medical devices are susceptible to vulnerabilities that compromise patient safety, data privacy, and equipment usability.
This was reported by Cynerio, an information security company specializing in the security of medical equipment. The researchers studied data collected from 10 million devices in 300 hospitals and healthcare facilities around the world using connectors attached to devices as part of the Cynerio security platform.
The most popular medical devices connected to the Internet are infusion pumps. These devices can remotely connect to electronic medical records, draw up the correct doses of drugs and administer them to patients.
According to the report, 73% of them contain vulnerabilities. Experts worry that by hacking devices that are directly connected to patients, attackers could harm those patients' health. Attackers could theoretically gain access to these systems and change the dosage of drugs.
By the way, we wrote about the first death due to a ransomware attack.
Other popular Internet-connected medical devices are heart monitors and ultrasound machines. Both types of devices are in the top ten in terms of the number of vulnerabilities.
Healthcare organizations are currently a prime target for hackers, and while a direct attack on Internet-connected medical devices does not seem to have happened yet, experts believe it is possible. A more active threat comes from groups that infiltrate hospital systems through a vulnerable device and lock down the hospital's networks, leaving doctors and nurses without access to medical records, devices and other digital tools, and then demand a ransom to unlock them.
The Cynerio report notes that the majority of vulnerabilities in medical devices are easy to fix: they are associated with weak or default passwords or a recall notice that the organization did not respond to.
Many healthcare organizations simply do not have the resources or staff to keep systems up to date and may not know if there is an update or alert for one of their devices.
Let me remind you that we also reported that Conti ransomware attacks Ireland’s Health Service Executive.