According to one study, IoMT devices such as hospital IP cameras, printers and VoIP devices examined were full of unpatched vulnerabilities

Medical and non-medical devices are increasingly connected and automated to feed patient data from monitoring devices into electronic records. These connections and communications within a medical environment help improve patient care but also make it increasingly vulnerable to cyberattacks, which could result in the interruption of patient care.

In tracking the visibility and security of over 3bn assets, one firm’s data has found ‘nurse call systems’ to be the riskiest Internet of Medical Things devices, followed by infusion pumps and medication dispensing systems. Top IoT devices in the data found to be sources of highest risk were IP cameras, printers and Voice Over Internet Protocol (VoIP) systems.

In particular: several noteworthy conclusions can be drawn from the data set analyzed:

    1. Nurse call systems were the riskiest connected medical device, with 39% having critical severity unpatched Common Vulnerabilities and Exposures (CVEs) and 48% having unpatched CVEs.
    2. Infusion pumps were second, with 27% having critical severity unpatched CVEs and 30% having unpatched CVEs.
    3. Medication dispensing systems were in third place, with 4% having critical severity unpatched CVEs, and 86% having unpatched CVEs. Moreover, 32% of such systems were running on unsupported versions of Windows.
    4. 19% of connected medical devices in the data were running unsupported OS versions.
    5. More than half of IP cameras monitored in clinical environments had critical severity unpatched CVEs (56%) and unpatched CVEs (59%), making them the riskiest IoT device in the data for clinical environments.
    6. Printers were the second riskiest IoT device in clinical environments, with 37% having unpatched CVEs, and 30% having critical severity unpatched CVEs.
    7. VoIP devices were in third place. Although 53% of them had unpatched CVEs, only 2% had critical severity unpatched CVEs.

According to Mohammad Waqas, Principal Solutions Architect for Healthcare, Armis, which released its data findings: “With increasingly connected care comes a bigger attack surface. Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualized monitoring is a key element to ensuring patient safety.”