A new report from IoT security specialist ZingBox looks at the security of connected medical devices, from infusion pumps and patient monitors to imaging systems and medical device gateways.
The most common types of risk originate from user practice issues (such as using embedded browsers on medical workstations to surf the web, conducting online chat or downloading content), accounting for 41 percent of all security issues.
This is followed by outdated operating systems or software such as the use of legacy Windows versions, obsolete applications and unpatched firmware. These issues account for 33 percent of all security risks found on connected medical devices.
The report shows that infusion pumps are the most widely deployed medical devices with network connections but are not the leading cause of security issues. Imaging systems rank number one, being the source for 51 percent of all security issues.
"This groundbreaking report gives us a new, widescale view of connected healthcare devices and enables us to pinpoint not just where the vulnerabilities are, but what types of issues are triggering security issues. The report's findings closely mirror what we have been hearing from our customers about incidents, risks, and related challenges," says Xu Zou, CEO and co-founder of ZingBox. "Many organizations don't have a clear picture of the vulnerabilities on their networks -- or even what devices are connected on those networks. The insights in this report will help them shape their security efforts and prioritize the most critical risks based on concrete data not previously available."
Among other findings are that medical devices make up less than a quarter of all devices found in medical networks, 43 percent of devices in networks dedicated for medical use are PCs. Use of unauthorized applications (22 percent) and browsers (18 percent) make up the bulk of user practice issues and are the leading security issues for connected medical devices.
"This report, and the extensive analysis behind it, represents a pivotal step forward. Understanding how vulnerabilities enter our networks is critical to protecting patient data and safety in healthcare settings," adds Zou. "As we continue to gain more knowledge about how attacks enter our systems, we can better arm our staff and networks to prevent these dangerous events."
More information is available in the full report on the ZingBox website.