Updated: December 5, 2022
When our health is at risk, the last thing we want to think about is IoT cybersecurity. However, the truth of the matter is, healthcare IoT threats are a serious issue. Many of the devices doctors use to diagnose us and keep us healthy can be hacked — just like a computer. Whereas, unlike a computer, devices like MRI machines, IV pumps, and even pacemakers can’t be protected by traditional security tools.
The software on these devices is difficult and sometimes even impossible to upgrade. Without updates that fix bugs and patch vulnerabilities, these healthcare devices could become victims of a cyberattack. To make matters worse, it’s hard to monitor them since they can’t accommodate traditional software agents.
There is a lot of evidence that shows the risks are real:
Imagine being responsible for security at a facility where medical devices can be infected by ransomware, or left vulnerable to having medical information stolen. This is the situation at most hospitals, where MRI machines run old versions of Windows that are no longer supported by Microsoft.
Some manufacturers stipulate that their devices’ operating systems can’t be upgraded like regular IT equipment without voiding the manufacturer’s warranty. That makes these devices extremely vulnerable to an attack and can put patient care at risk too.
Some MRI machines run operating systems as old as Windows XP, which hasn’t been updated by Microsoft since April 2014. These versions of Windows have the EternalBlue vulnerability, the central exploit of a WannaCry attack.
It’s not uncommon for an MRI machine to be connected to the main hospital network, and typically the vendors of these machines require hospitals to open up ports to the public Internet for remote vendor support. Without the underlying operating system patches, these devices are sitting ducks.
Here are some of the limitations of traditional IT security solutions in protecting IoT devices in healthcare environments:
Learn how Armis can help your healthcare organization with medical device cybersecurity, threat detection, and response.
Related articles:
Sign up to receive the latest news