When our health is at risk, the last thing we want to think about is IoT cybersecurity. But the truth of the matter is, healthcare IoT threats are a serious issue. Many of the devices doctors use to diagnose us and keep us healthy can be hacked — just like a computer. But unlike a computer, devices like MRI machines, IV pumps, and even pacemakers can’t be protected by traditional security tools.
The software on these devices is difficult and sometimes even impossible to upgrade. Without updates that fix bugs and patch vulnerabilities, these healthcare devices could become victims of a cyberattack. Making matters worse, it’s hard to monitor them because they can’t accommodate traditional software agents.
There is a lot of evidence that shows the risks are real:
Imagine being responsible for security at a facility where medical devices can be infected by ransomware, or left vulnerable to having medical information stolen. This is the situation at most hospitals, where MRI machines run old versions of Windows that are no longer supported by Microsoft. And some manufacturers stipulate that their devices’ operating systems can’t be upgraded like regular IT equipment without voiding the manufacturer’s warranty. That makes these devices extremely vulnerable to an attack, and can put patient care at risk too.
Some MRI machines run operating systems as old as Windows XP, which hasn’t been updated by Microsoft since April of 2014. These versions of Windows have the vulnerability targeted by EternalBlue, the central exploit of a WannaCry attack. It’s not uncommon for an MRI machine to be connected to the main hospital network, and typically the vendors of these machines require hospitals to open up ports to the public Internet for remote vendor support. Without the underlying operating system patches, these devices are sitting ducks.
Existing security products can’t help defend against healthcare IoT threats because:
If you want to learn more about healthcare IoT threats and similar IoT exploits, check out the white paper “7 IoT Exploits in the Enterprise” which describes: