"Nurse Call Systems, Infusion Pumps Riskiest Connected Medical Devices"

Security researchers at Armis have discovered that nurse call systems and infusion pumps are the riskiest connected medical devices.  The researchers found that 39% of all nurse calling systems, devices used by patients to alert caregivers when they need assistance, have critical severity unpatched Common Vulnerabilities and Exposures (CVEs).  Almost half (48%) of them have unpatched CVEs.  The researchers stated that the numbers are somehow lower for infusion pumps, medical devices used by healthcare professionals to deliver fluids such as nutrients or medications into a patient’s body in a controlled manner.  According to the researchers, 27% of them have critical severity unpatched CVEs, and 30% have unpatched CVEs.  In the third spot are dedication dispensing systems used to organize, prepare, prescribe, and deliver prescription drugs to patients.  Roughly 4% have critical severity unpatched CVEs, but the number is much larger for those with unpatched CVEs (86%).  Moreover, 32% of them run on unsupported Windows versions.  The researchers stated that unsupported software issues extend to other devices as well.  The researchers suggested that 19% of all connected medical devices are running unsupported OS versions.  During the study, the researchers also found that IP cameras were the riskiest IoT device in clinical environments, with over half of them having critical severity unpatched CVEs (56%) and unpatched CVEs (59%).  Printers were the second riskiest IoT device in clinical environments, with 37% of them having unpatched CVEs and 30% having critical severity unpatched CVEs.  VoIP was third in the IoT list, with more than half of them (53%) having unpatched CVEs. Interestingly, only 2% of them have critical severity unpatched CVEs.

Infosecurity reports: "Nurse Call Systems, Infusion Pumps Riskiest Connected Medical Devices"