Among Internet of Things devices used in medical settings, Internet Protocol (IP) cameras are the most vulnerable to hackers. Meanwhile nurse call systems hold that troubling distinction among general medical devices.
That’s according to an analysis of data monitored via a commercial platform marketed by Armis, an asset visibility and data security company based in San Francisco.
Risky behaviors at scale. Analyzing inputs from 3 billion gadgets in its asset intelligence and security platform for healthcare, Armis labeled as the “riskiest” those that have the highest percentage with unpatched Common Vulnerabilities and Exposures (CVEs). Key results as released by the company April 17:
Vulnerable Internet of Things (IoT) devices:
- More than half of IP cameras turn out to have unpatched CVEs (56) and unpatched CVEs (59%) deemed to be of “critical severity.”
- Printers were next, with 37% having unpatched CVEs and 30% having critical-severity unpatched CVEs.
- Some 53% of voice over IP (VoIP) devices have unpatched CVEs, although only 2% are of critical severity.
Riskily connected medical devices:
- Some 39% of nurse call systems have critical-severity unpatched CVEs and almost half (48%) having unpatched CVEs.
- Infusion pumps are next most at-risk, with 27% having critical severity unpatched CVEs and 30% having unpatched CVEs.
- Among drug-dispensing systems, only 4% have critical-severity unpatched CVEs, but some 86% have unpatched CVEs. What’s more, 32% run on unsupported Windows versions.
Confounding connections. Not only are medical and nonmedical appliances increasingly connected, but they’re also increasingly tapped to automatically feed patient data into EHRs, the company points out.
Growth to watch for. Armis projects that, by 2026, smart hospitals will deploy more 7 million Internet of medical things (IoMT) devices. That would be twice the 2021 tally.
The overarching challenge is balancing risks with rewards. Mohammad Waqas, principal solutions architect for healthcare at Armis:
“Advances in technology are essential to improve the speed and quality of care delivery as [U.S. healthcare] is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface.”
The full Armis news item is posted here.