Despite ongoing publicity around the need to secure systems and equipment against the threat of cyberattacks, a new report suggests that cyber vulnerabilities continue to be a major source of concern for connected medical devices.
According to a press release issued by healthcare IoT cyber firm Cynerio, 53% of connected medical devices in hospitals have a known critical vulnerability. Potentially more concerning when it comes to patient safety, a third of bedside connected devices used in healthcare settings have an identified critical risk.
The company’s recent report on the state of healthcare IoT device security was based on an analysis of anonymized data from over 10 million connected systems and devices at over 300 hospitals and healthcare facilities, and identified the following issues posing the greatest risk:
- Outdated operating system software—The majority of systems and devices used in pharmacology, oncology, and laboratory settings run versions of operating system software prior to Microsoft Windows 10, increasing the risk of cyberattack penetration of those systems and devices.
- Default passwords—According to the report, the most common vulnerabilities among connected medical systems and devices can be traced back to the use of default passwords and settings, which can often be obtained through user manuals posted online.
- IV pump vulnerabilities—Intravenous pumps reportedly make up nearly 40% of a hospital’s connected device inventory. But 73% of those pumps have a critical vulnerability ready to be exploited, putting patient safety and data confidentially in jeopardy.