A new report from Unit 42 says 72% of health care networks mix internet of things (IoT) and information technology assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network. The report also offers a lot of data on non-medical IoT attacks.
41% of attacks exploit device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses. Unit 42 has also seen a shift from IoT botnets conducting denial-of-service attacks to more sophisticated attacks targeting patient identities, corporate data, and monetary profit via ransomware.
According to a 2019 Gartner report, 4.8 billion IoT endpoints were expected to be in use at the end of 2019, up 21.5% from 2018. Meanwhile, 40% of health care chief information officers (CIOs) plan to spend new or additional funds on cybersecurity tools in 2020.
For the time being, medical devices are in a critical state and are running outdated operating systems. Due to their long lifecycles, medical IoT devices are among the worst offenders when it comes to running outdated and, in many cases, end-of-life operating systems, Unit 42 said. These devices are neither maintained by IT nor supported by the operating system vendors.
Biomedical engineers who maintain medical devices often lack the training and resources needed to follow IT security best practices for employing password rules, storing passwords securely, and maintaining up-to-date patch levels on devices.
The National Cybersecurity Center of Excellence (NCCoE) completed a medical IoT device security project in 2019 called Securing Picture Archiving and Communication Systems (PACS). NCCoE found that 83% of all medical imaging systems run on end-of-life operating systems with known vulnerabilities and no security updates or patch support. This is a 56% jump from 2018 as a result of Windows 7 reaching its end of life.
Read more at: VentureBeat