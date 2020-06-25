Infosecurity Group Websites
Latest
News

Medical Devices Among Most Risky to Security

Medical devices, physical access operations and networking equipment are among the most risky when it comes to risks posed to businesses.

Using analysis of metrics and data from the Forescout Device Cloud, the company identified points of risk inherent to device type, industry sector and cybersecurity policies. It determined that the riskiest device groups include smart buildings, medical devices, networking equipment and VoIP phones.

The data, which was correlated from around 11 million devices, determined the risk posed by connected medical devices because of their potential impact, both in terms of business continuity and their potential to harm patients. Forescout said that alongside a reliance on new technologies and increased connectivity, it was witnessing an increase in the number and sophistication of vulnerabilities in medical devices and cyber-attacks on hospitals, although these rarely target medical devices directly.

Speaking to Infosecurity, Forescout research manager Daniel Dos Santos said this is the first time the company had undertaken such research at this scale, where there is a lot of available and powerful data. Looking at the details on medical and healthcare devices, Dos Santos said there are many types of devices, and some are directly connected and some are on the diagnosis side, and they have an impact in different ways. “It doesn’t matter about the vulnerability as the easiest action is to crash the infusion pump, but whether the vulnerability is critical enough to be able to execute the attacker’s demands,” he said.

This also impacted the medical supply chain, where Dos Santos said devices are connected to workstations and ultimately to patient databases and prescriptions. “They should not talk to one another and networks should be isolated and segmented so the laptop doesn’t talk to the infusion pump,” he explained.

Forescout added, according to its data sample, physical access control solutions were the most risky due to the presence of many critical open ports, connectivity with devices and the presence of known vulnerabilities. In particular, Dos Santos named badge readers as being a surprise, as research showed that a badge reader could be reprogramed to allow anyone to enter a building “and it is not the worst thing for an office, but think about airports, hospitals or government buildings, critical buildings.”

Dos Santos said he expected improvements on this type of data year-on-year, especially as awareness of the issue is growing, and with more improvements in segmentation. “We see signs of improvements and companies are more aware and know what to do and can mitigate risk,” he said.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Over Two-Thirds of Q1 Malware Hidden by HTTPS

2
News

Prolific Hacker Made Millions Selling Network Access

3
News

Stalker Online Breach: 1.3 Million User Records Stolen

4
News

350,000 Social Media Influencers and Users at Risk Following Data Breach

5
News

Twitter Data Leak Exposes Business Clients

6
News

Two-Year Data Breach at Florida Senior Care Provider

1
News

Police Seize Alleged Bitcoin Raider's $90m in Assets

2
News

HelpSystems Acquires Two Security Software Companies

3
News

350,000 Social Media Influencers and Users at Risk Following Data Breach

4
News

PlayStation Announces Bug Bounty Program

5
News

NCSC: One Million Phishing Messages Reported in Two Months

6
News

IRMS Appoints New Chair with Diversity, Inclusion and Education at Top of Agenda

1
Webinar

Attack Yourself Before They Do: Strengthen Security Through Breach and Attack Simulation

2
Webinar

The Impact of Artificial Intelligence on Cyber-Resilience

3
Webinar

The Power of Continuous AppSec and How to Achieve It

4
Webinar

Zero-Trust Security: Making Remote Working, Work

5
Webinar

Mitigating the Security Risks and Challenges of Office 365

6
Webinar

Building Remote Resilience: A Secure by Design Approach to Remote Working

1
Interview

Interview: Balaji Parimi, Founder and CEO, CloudKnox Security

2
News Feature

Have Contact Tracing Scam Opportunities Been Easily Enabled?

3
Blog

A Country in Crisis: Data Privacy in the US

4
Webinar

Role of the CISO During a Turbulent Year

5
Blog

Cybercrime is Winning – What Are You Going to Do About It?

6
Opinion

#HowTo Secure the Supply Chain