Report: Healthcare Systems Need to Improve IoT Device Security

March 17, 2020
Devices such as X-Ray machines often run end-of-life operating systems with known vulnerabilities, according to Palo Alto Networks’ Unit 42 research team

Many healthcare organizations continue to display poor network security hygiene, according to a study from vendor Palo Alto Networks’ Unit 42 research team. For instance, the team found that 83 percent of all medical imaging systems it studied run on end-of-life operating systems with known vulnerabilities and no security updates or patch support.

Unit 42 threat intelligence and IoT security experts analyzed security incidents throughout 2018 and 2019 across 1.2 million IoT devices in the United States and collected them in their 2020 Unit 42 IoT Threat Report.

The researchers found that the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten.

The white paper highlights several weaknesses in the healthcare sector, including staffing and departmental silo issues. For instance, in hospitals, biomedical engineers maintain the medical devices, but they often lack training and resources to follow IT security best practices, the report said. They also don’t maintain the underlying operating systems that power the devices. Because connected devices such as X-Ray machines often run end-of-life operating systems with known vulnerabilities, they pose a high risk to the health system’s operations. New attacks exploit vulnerabilities in the underlying operating system to target medical IoT devices.

Due to their long lifecycles, medical IoT devices are among the worst offenders when it comes to running outdated and, in many cases, end-of-life operating systems, the report said. These devices are neither maintained by IT nor supported by the operating system vendors.

The most basic IoT risk remediation practice is network segmentation, the Unit 42 research team notes. “Despite this, only 3 percent of all segmented networks or virtual local area networks (VLANs) in the healthcare organizations we studied contained strictly medical IoT devices, and 25 percent contain non-medical IoT devices (IP phones, printers, etc.).”

Seventy-two percent of healthcare VLANs house a mix of medical IoT devices, generic enterprise IoT devices, and IT devices. So an infected laptop could target surveillance cameras and DICOM viewers found in the same network. “This is low-hanging fruit for healthcare organizations to address this year,” the report concludes.
