EXECUTIVE SUMMARY:

Recently, the US Cybersecurity and Infrastructure Security Agency (CISA) reported 21 new vulnerabilities within IoT connected medical devices. One of the reported vulnerabilities can potentially “allow an attacker to change treatment status information,” meaning that a patient’s care could be compromised. A change in dosage is potentially lethal.

Why are hospitals at extreme risk of IoT-based breaches?

• In many hospitals, life-support devices were designed without an eye to cyber security. A high volume of these devices retain hardcoded passwords that can be tampered with by anyone with physical or network access.
• Nearly 50% of connected medical devices rely on legacy operating systems (OSs) that are no longer able to receive security updates. These range from ultrasound machines to MRI scanners.
• Often, in discussing IoT, we forget that IoT includes building management systems, smart elevators, printers, HVAC systems, and other essential operating infrastructure. But the hackers haven’t forgotten these potential points of entry.

How can hospitals develop a stronger IoT security posture?

• Hospitals can implement cyber security products and policies that allow for full visibility into IoT devices.
• Hospitals can empower their leaders to address critical device vulnerabilities with manufacturers.
• Hospitals can implement Zero Trust identity and access management policies, which include network segmentation, making it difficult for hackers to get in.

And so much more.

For healthcare organizations, the average cost of cleaning up an IoT-based breach regularly surpasses $6.4 million. An ounce of prevention is worth a pound of cure. Read more about securing IoT devices in hospital settings here, or read this informative whitepaper.