Tech & Innovation in Healthcare

Question: Our IT and cybersecurity teams provide continued education to ensure our staff and clinicians stay aware of cyber threats, but I also receive several email reports a month about medical device security risks.

What medical or nonmedical devices pose the biggest security risks in healthcare?

Washington D.C. Subscriber

Answer: All medical and nonmedical devices have the potential for a security breach, but if your cybersecurity team continues to update the devices and take the proper precautions, your practice will be in a much safer position.

That being said, on April 17, 2023, Armis released research identifying which devices are most prone to malicious activity. The company analyzed data from their Asset Intelligence and Security Platform, which tracks more than three billion devices. The research found the top riskiest devices to be:

1) Nurse call systems

2) Infusion pumps

3) Medication dispensing systems

Researchers found that 39 percent of nurse call systems have critical severity unpatched Common Vulnerabilities and Exposures (CVEs), with nearly half of them having unpatched CVEs. Infusion pumps came in second with 27 percent of devices having critical severity unpatched CVEs, and 4 percent of medication dispensing systems have critical severity unpatched CVEs. However, 86 percent of medication dispensing systems have unpatched CVEs and 32 percent are running on an outdated Windows operating system (OS). 

Outdated and unsupported OSs were not solely a medication dispensing system issue — 19 percent of all connected medical devices are operating on unsupported OS versions.

“Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualized monitoring is a key element to ensuring patient safety,” said Mohammad Waqas, principal solutions architect for healthcare at Armis in a press release.