"Sector’s Increasing Interconnectedness Poses Healthcare Cybersecurity Risks"
Security researchers at Vedere labs have found that healthcare, like any other industry, is increasingly relying on internet-connected devices to facilitate day-to-day operations and workflows. The interconnectedness of healthcare means that security practitioners are tasked with juggling a combination of IT, OT, IoT, and Internet of Medical Things (IoMT) devices amid a volatile cyber threat landscape. The researchers analyzed anonymized device data in Forescout’s Device Cloud from almost 19 million devices between January 1 and April 30, 2022, and found DICOM workstations, nuclear medicine systems, imaging devices, PACS, and patient monitors to be among the riskiest IoMT devices. The researchers calculated device risk based on a multifactor risk scoring methodology encompassing configuration, function, and behavior considerations. Specifically, Vedere Labs looked at the number and severity of vulnerabilities on the device, the potential impact on the organization if the device was compromised, and the reputation of inbound connections to and outbound connections from the device. Next, researchers calculated averages per device type to determine the “riskiest” devices. The researchers stated that it is essential to note that any device connected to the internet carries some level of security risk. However, internet-connected medical devices pose unique risks to the sector because many remain in use for a decade or longer, as the Federal Bureau of Investigation pointed out in a recent notice. The researchers stated that IT devices are still the most common initial access points, but it is crucial that organizations assess risk across their entire enterprises.