Dec 12, 2024
Medical Devices are Attacked Every 20 Seconds: Here Is How to Protect Them
By Daniel Trivellato, vice president of healthcare and cyber risk solutions, Forescout.
A recent honeypot study revealed that every 20 seconds, somewhere in the world, a cybercriminal targets a medical imaging device. In the time it takes to check a patient’s vital signs, multiple attackers may be actively trying to breach the very systems designed to provide vital healthcare information and keep us alive.
While connected devices have become increasingly prevalent in healthcare, many healthcare organizations fail to adequately protect them. Recent research examining over 2 million devices across 45 healthcare organizations revealed that approximately half of all devices in healthcare networks are now Internet of Medical Things (IoMT), Internet of Things (IoT), operational technology (OT) or building automation devices. These are more than administrative systems: devices such as patient monitors, infusion pumps, and imaging systems play a direct role in influencing patient outcomes.
Across the 306 medical device vendors observed, the research found medical devices running 110 different operating systems, which makes securing these networks staggeringly complex.
While household names like Philips, GE Healthcare, and Baxter are major players in the space, these organizations only represent 40% of the vendor landscape. The remaining 60% is a fragmented maze of smaller providers, each with its own potential vulnerabilities.
Perhaps most alarming is the dramatic rise in exposed Digital Imaging and Communications in Medicine (DICOM) servers. Between August 2022 and May 2024, we’ve seen a 27.5% increase in exposed servers, with the majority of exposed devices located in the United States, India, Germany, Brazil, Iran, and China. Across all IoMT devices, our research uncovered 162 vulnerabilities, with half of the most critical flaws found in Windows-based systems.
Recent breaches have had real-world impact on both health systems and patients. In 2023, healthcare organizations experienced an average of 1.6 data breaches per day, with each incident affecting approximately 200,000 patients. This isn’t just about compromised data – it’s about real people whose private medical information is at stake.
When personal medical device data is stolen, patients can face serious personal risks, including identity theft, insurance fraud, and emotional distress. Many cybercriminals leverage stolen medical records to create sophisticated phishing schemes, impersonate patients to obtain prescription medications, or even blackmail individuals with sensitive health information. Patients may also experience emotional distress following a breach of personal information, feeling vulnerable knowing their most intimate health details have been exposed.
Fifteen years ago, hacking incidents accounted for virtually zero healthcare data breaches. Today, they’re responsible for nearly 80% of all breaches. While much attention focuses on potential physical impacts of medical device attacks, the primary target is patient data. Cybercriminals recognize that medical records, rich with personal and insurance information, are far more valuable than credit card numbers on the dark web.
Healthcare organizations aren’t defenseless, but they need to act now. Comprehensive asset management, network communication and access control, risk and exposure management, strategic network segmentation, and continuous monitoring are essential.
To better protect against threats, healthcare organizations should first identify, and maintain continuous visibility of, all devices connected to their networks, including the IoMT, IoT, and OT devices that are increasingly used as entry points for attacks, so that they understand potential vulnerabilities and blind spots. From there, they should prioritize mitigation on their most critical devices with the biggest exposure, such as default credentials, insecure protocols, unintended Internet access, or violations of internal or regulatory compliance requirements, with the goal of establishing solid foundational cyber hygiene.
Most IoMT, IoT and OT devices cannot be patched regularly like traditional Windows laptops and workstations, because an unsuccessful patch could affect healthcare operations and patient safety. However, organizations can limit access to these critical devices by implementing network segmentation and access control strategies. Finally, organizations need to continuously monitor their network and devices to detect suspicious activity in real time and respond to or contain threats in a timely manner.
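The segmentation and monitoring steps above can be checked against flow records. The following Python example is added here for illustration and is not Forescout's tooling or method: it flags flows touching an imaging segment that involve external addresses, insecure protocols, or paths outside a segmentation allowlist, and ranks them by exposure. The zone names, CIDRs, allowlist, severity ordering and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed policy: every CIDR, zone name and port below is an assumption.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ZONES = {
    "imaging": ipaddress.ip_network("10.20.0.0/24"),   # modalities and PACS
    "clinical": ipaddress.ip_network("10.30.0.0/24"),  # viewing workstations
    "guest": ipaddress.ip_network("10.99.0.0/24"),
}
# (source zone, destination zone, destination port) tuples the policy permits.
ALLOWED = {
    ("imaging", "imaging", 104),     # modality to PACS, DICOM
    ("clinical", "imaging", 11112),  # viewer to PACS, DICOM alternate port
}
INSECURE_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

def zone_of(ip):
    """Map an IP address to a named zone, other-internal, or external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "other-internal" if addr in INTERNAL else "external"

def audit(flows, protected="imaging"):
    """Return (severity, reason, flow) for flows touching the protected zone."""
    findings = []
    for flow in flows:
        src, dst, port = flow
        sz, dz = zone_of(src), zone_of(dst)
        if protected not in (sz, dz):
            continue  # out of scope for this segment
        if "external" in (sz, dz):
            findings.append((3, "unintended Internet access", flow))
        elif port in INSECURE_PORTS:
            findings.append((2, "insecure protocol: " + INSECURE_PORTS[port], flow))
        elif (sz, dz, port) not in ALLOWED:
            findings.append((1, "not in segmentation allowlist", flow))
    # Highest severity first, so mitigation starts with the biggest exposure.
    return sorted(findings, key=lambda f: f[0], reverse=True)

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.20.0.5", 104),    # modality to PACS, permitted
    ("10.30.0.8", "10.20.0.5", 11112),   # viewer to PACS, permitted
    ("10.99.0.44", "10.20.0.5", 104),    # guest network reaching PACS
    ("10.30.0.8", "10.20.0.15", 23),     # telnet to a modality
    ("203.0.113.7", "10.20.0.5", 104),   # external address reaching PACS
    ("10.30.0.8", "10.30.0.9", 445),     # does not touch the imaging zone
]

if __name__ == "__main__":
    for severity, reason, flow in audit(SAMPLE_FLOWS):
        print(severity, reason, flow)
```

In practice the flow tuples would come from NetFlow, firewall or network-monitoring exports, and the allowlist from the organization's own segmentation policy.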
Data breaches affecting hundreds of thousands of patients emphasize why healthcare organizations must prioritize cybersecurity as a fundamental component of their patient care mission. Recent breaches, including Change Healthcare and Atrium Health, highlight the consequences associated with a cyber-attack. In an era where a single compromised device could impact countless lives, we can’t afford to leave our medical systems exposed. It is our duty to protect them.
The findings discussed in this article are based on research conducted by Forescout’s Vedere Labs, analyzing over 2 million devices across 45 healthcare delivery organizations worldwide.