One in four medical devices (23%) has a vulnerability listed in the Known Exploited Vulnerabilities (KEV) catalog of the US cybersecurity agency CISA. In addition, almost two thirds (63%) of KEVs are found in medical networks.
In the first healthcare-focused edition of the State of CPS Security Report, Team82, Claroty's research arm, examines the impact of increasing medical device connectivity. The aim of the report is to demonstrate the comprehensive connectivity of critical medical devices - from imaging systems to infusion pumps - and shed light on the associated risks. Vulnerabilities and implementation errors often emerge during the investigations. In the healthcare sector, a direct connection can be drawn in each case to potentially negative effects on treatment.
The most important results
- Threat from guest networks: 22 percent of hospitals have connected devices that bridge guest networks, which provide WiFi access to patients and visitors, and internal networks. This creates a dangerous attack vector: attackers can quickly find and target assets on public WiFi and use this access as a bridge to the internal networks where patient care devices are located. Team82's research shows that 4 percent of surgical devices, critical devices whose failure could significantly impact patient care, communicate over guest networks.
- Outdated operating systems: 14 percent of connected medical devices run unsupported or end-of-life operating systems. Thirty-two percent of unsupported devices are imaging devices, including X-ray and MRI systems, which are essential for diagnosis and prescribed treatment, and 32 percent are surgical devices.
- High probability of exploitation: The report examined devices with high Exploit Prediction Scoring System (EPSS) scores, which indicate on a scale of 0 to 100 the likelihood that a software vulnerability will actually be exploited in the wild. The analysis showed that 11 percent of patient devices, e.g. infusion pumps, and 10 percent of surgical devices have security vulnerabilities with high EPSS values. Looking more closely at devices with unsupported operating systems, 85 percent of surgical devices in this category have high EPSS scores.
- Remotely accessible devices: The study also examined which medical devices can be accessed remotely. According to the study, 66 percent of imaging devices, 54 percent of surgical devices and 40 percent of patient devices can be accessed remotely. It was also found that devices whose failure could have serious consequences, such as defibrillators, robot-assisted surgery systems and defibrillator gateways, have remote access.
About Claroty
Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.