Study Finds Significant Device Vulnerabilities Among Healthcare Organizations

A recent Microsoft-backed study conducted by the Ponemon Institute has found that while the use of connected devices in hospitals can promote productivity, security, and positive patient outcomes, these devices have also significantly increased the attack surface, and many of them are either missing necessary security features or are not configured properly.

According to the study, 65 percent of organizations say IoT/OT devices are among the least secure components of networks, and 50 percent of those same organizations indicate an increase in cyberattacks on IoT/OT devices. 88 percent of participants reported having internet-connected IoT devices, while 51 percent reported having internet-connected OT equipment. Because of their vulnerabilities, these devices are being targeted by cybercriminals more frequently and are the target of malware and ransomware, as they serve as one of the major entry points for cybercriminals.

Forescout, a cybersecurity platform, examined the many types of devices used in workplace networks in 2020 to identify those that pose the greatest risk. This month, the analysis was updated. The majority of the high-risk devices are still included on the new list, along with networking hardware, VoIP, IP cameras, and programmable logic controllers (PLCs), with the addition this year of hypervisors and human-machine interfaces (HMIs). The bulk of the riskiest devices on the list are regularly exposed on the Internet and are essential to operations. A combination of IT, IoT, and OT is used by almost all organizations, and IoMT devices are also used in healthcare. As a result of having at least one type of potentially hazardous device linked to their network, practically all organizations now have an expanding attack surface.

According to Forescout, understanding how the attack surface is expanding and doing a thorough risk assessment to identify where the vulnerabilities are located are crucial to mitigating risks. After being put through a risk management process, the risks can be decreased to a low and acceptable level. In order to reduce risk, Forescout advises using automated controls that do not rely solely on security agents and that apply to the entire organization rather than to silos such as the IT network, the OT network, or particular types of IoT devices.