Attackers are interested in IoT devices in hospitals. Experts have been warning of the corresponding IoT vulnerabilities for years, independent of the industry. An analysis by Marc Laliberte, Technical Security Operations Manager at WatchGuard.
Since January 2021, the German federal government has provided three billion euros for the digitization of hospitals as part of the Hospital Future Act. A further 1.3 billion come from the federal states. The goal: a comprehensive investment program for modern emergency capacities, digitization and, last but not least, measures to increase IT security. On the last point in particular, the urgency to act is obvious, because hackers are increasingly targeting hospitals - regardless of the country.
IoT devices in hospitals are targets
In this context, attackers are increasingly interested in IoT devices. The reason: the Internet of Things has had a security problem practically since birth. For years, experts have been warning of such weak points, regardless of the sector. There are now plenty of examples of such attack scenarios: from the Mirai botnet, which caused Internet giants such as Netflix, Twitter and Reddit to stumble in 2016, to the compromise in the spring of 2021 of Verkada security cameras, which are used in hospitals and other places.
Increasingly at risk: IoT devices in healthcare
It can be assumed that such attacks on IoT applications in the healthcare sector will continue to increase in the future. After all, the enormous benefit of networked sensors for the exchange of diagnostic data is undisputed. Market watchers assume that the IoT rollout in healthcare will reach a compound annual growth rate (CAGR) of 25.9 percent by 2028. However, this also automatically increases the attack surface.
Medical devices are highly vulnerable
Since technical problems in medical technology can lead to life-threatening situations, healthcare providers such as hospitals and clinics often rely on expensive, highly customized applications and devices. However, they are often reluctant to apply updates and patches - for fear that this could restrict the functionality of the components used. This shows parallels to the traditional Internet of Things. While custom software there usually runs on a Linux variant that is several years old, medical IoT devices often use outdated versions of Microsoft Windows and Windows Server. For example, last year researchers found that 45 percent of medical devices were vulnerable to the critical BlueKeep Windows vulnerability. Microsoft considered this to be so serious that it even released legacy patches for versions of its operating system that had been unsupported for years.
Basically, all IoT security problems can be traced back to three failures:
- a lack of security considerations during development
- gaps in knowledge and a lack of transparency among those who use IoT, and
- a failure to manage device updates after deployment
IoT: cheap and secure at the same time?
The first problem, the low priority given to IT security in development, can largely be explained by the fact that most IoT buyers are guided by price. If the focus is only on whether a solution meets the basic technical requirements and is at the same time inexpensive to procure, manufacturers lack the incentive to spend additional resources on improving the security of their products. As a result, devices are delivered that have weak and hard-coded passwords and run outdated software and operating systems that lack even basic protective measures. This practically invites cyber criminals to exploit security gaps the size of a barn door. For example, the 2016 Mirai botnet did not flourish by exploiting a sophisticated zero-day vulnerability in IoT cameras. Rather, it was sufficient to try out a list of 61 common user names and passwords on an administrative interface that was not secured by the device manufacturer - hardly any effort was required.
Extending the zero trust approach to IoT
Before using IoT, companies should carefully consider how and to what extent they want to use this technology at all. Here it can be helpful to follow the zero trust approach: essentially, this security concept is about not trusting any device in the network and constantly checking each one anew. Anyone who refrains from automatically viewing the internal network as a “safe haven” is already on the right track. On this basis, companies should consider which security precautions are necessary to contain the risk posed by a malicious user or endpoint already on the network.
Use network segments specifically for IoT
For the Internet of Things, this means that the corresponding devices are used in network segments that are largely isolated from other systems and, in particular, from the most important resources. If there are technical reasons for keeping a potentially insecure, unpatched system, it must be protected at the network level by restricting access to the specific ports and protocols that are absolutely necessary for its function. Such connections should also be consistently checked for potential anomalies in order to detect network attacks and malware at an early stage. At the same time, it is important to establish regular vulnerability scans and security assessments for all IoT devices in the network. Only then will companies know what to protect themselves against and will not be surprised by something that has previously slumbered somewhere unnoticed.
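The segment policy described above can be checked against recorded traffic. The following is an added example, not part of the original analysis: it audits flow records from an IoT segment against an allowlist of peers, protocols and ports. The address ranges, the allowlist entries and the sample flows are all constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

# Assumed address plan (constructed for this example)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # hospital address space
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")   # isolated IoT segment
# Assumed allowlist: (peer network, direction seen from the IoT segment, protocol, port)
ALLOWLIST = [
    (ipaddress.ip_network("10.10.5.10/32"), "out", "tcp", 2575),  # HL7 interface engine
    (ipaddress.ip_network("10.10.5.20/32"), "out", "udp", 123),   # internal NTP server
    (ipaddress.ip_network("10.10.9.0/28"), "in", "tcp", 443),     # management hosts
]

def classify(flow: Flow) -> str:
    """Return 'allowed', 'out-of-scope' or a 'violation: ...' reason for one flow."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    src_iot, dst_iot = src in IOT_SEGMENT, dst in IOT_SEGMENT
    if not (src_iot or dst_iot):
        return "out-of-scope"
    if src_iot and dst_iot:
        # Devices in the segment have no reason to talk to each other
        return "violation: device-to-device traffic inside segment"
    direction, peer = ("out", dst) if src_iot else ("in", src)
    for net, allowed_dir, proto, port in ALLOWLIST:
        if (allowed_dir, proto, port) == (direction, flow.proto, flow.dport) and peer in net:
            return "allowed"
    if direction == "out" and peer not in INTERNAL:
        return "violation: direct internet egress"
    return f"violation: {direction}bound {flow.proto}/{flow.dport} not on allowlist"

def audit(flows):
    """Return (flow, reason) for every flow that breaks the segment policy."""
    return [(f, c) for f in flows if (c := classify(f)).startswith("violation")]

SAMPLE_FLOWS = [  # constructed flow records
    Flow("10.20.0.14", "10.10.5.10", "tcp", 2575),
    Flow("10.10.9.3", "10.20.0.14", "tcp", 443),
    Flow("10.20.0.14", "10.20.0.31", "tcp", 23),
    Flow("10.20.0.31", "203.0.113.7", "tcp", 443),
    Flow("10.10.7.55", "10.20.0.14", "tcp", 3389),
    Flow("10.10.7.55", "10.10.5.10", "tcp", 445),
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

Every violation is either a gap in the segment's filtering or an unmet requirement that belongs on the allowlist, so each one needs a decision rather than a silent exception.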