Report: Fifty-three Percent of Connected Medical Devices Have a Vulnerability

According to a Jan. 19 blog, New-York based Cynerio, a healthcare IoT platform, has released its “2022 State of Healthcare IoT Device Security Report.”

The blog states that “Data shows that 53 percent of connected medical devices and other IoT devices in hospitals have a known critical vulnerability. Additionally, a third of bedside healthcare IoT devices—which patients most depend on for optimal health outcomes—have an identified critical risk. If attacked, these vulnerabilities could impact service availability, data confidentiality, or patient safety—with potentially life-threatening consequences for patient care. “

Key highlights of the report include:

• Thirty-eight percent of a hospital’s IoT footprint is made up of IV pumps and 73 percent of those have a vulnerability
• The majority of devices used by pharmacology, oncology, and laboratory devices, and make up a multitude of devices used by radiology, neurology, and surgery departments are running versions of Windows older than 10
• Twenty-one percent of devices are secured by weak or default credentials
• Ninety percent of critical risks with connected medical devices in hospitals can be addressed by network segmentation

Daniel Brodie, CTO and co-founder of Cynerio was quoted in the release saying that “Healthcare is a top target for cyberattacks, and even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices [that] hospitals rely on for patient care. Visibility and risk identification are no longer enough. Hospitals and health systems don’t need more data—they need advanced solutions that mitigate risks and empower them to fight back against cyberattacks, and as medical device security providers it's time for all of us to step up. With the first ransomware-related fatalities reported last year, it could mean life or death.”

The full report can be accessed here.