83% of Medical Imaging Devices Run on Unbacked Operating Systems
Hospitals are being left especially vulnerable to disruptive attacks with medical imaging devices running on unbacked operating systems, a new report shows.
Source: Thinkstock
By - According to a recent report, 83 percent of medical imaging devices are running on unsupported operating systems, a 56 percent jump from 2018.
Paloalto Network’s 2020 Unit 42 IoT Threat Report analyzed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the US. Researchers found that the over 50 percent jump was due to the Windows 7 operating systems reaching its end of life, leaving hospital organizations vulnerable to attacks that could disrupt care or expose sensitive medical information.
High-profile, IoT-focused cyberattacks force industries to recognize and manage the risks associated with deploying IoT devices to protect their core business operations. The healthcare industry is exposed to a significant amount of risk.
“Some IoT vulnerabilities may be life-threatening, while some attack critical enterprise functions or exfiltrate confidential data,” the report highlighted.
Experts stressed that there are many emerging trends that organizations must be aware of. For example, 98 percent of all IoT device traffic is unencrypted. This exposes personal and confidential data on the network and gives attackers the ability to listen to encrypted network traffic, collect personal, or confidential information, then exploit the data for profit on the dark web.
Fifty-one percent of threats for healthcare organizations involve imaging devices. This disrupts the quality of patient care and allows attackers to obtain patient data. And 72 percent of healthcare VLANs mix IoT and IT assets, which allows malware to spread from users’ computers to various other IoT devices on the same network.
The vulnerability of IoT devices make them easy targets for hackers. Fifty-seven percent of these devices are vulnerable to medium-or high-severity attacks, while 41 percent of attacks exploit device vulnerabilities.
IoT devices are most often used as the first step before a lateral movement to attack other systems on the network. Password-related attacks also continue to be present on IoT devices. This is due to weak manufacturer-set passwords and poor password security practices, experts found.
But there is an expected shift away from these challenges. On January 1, California’s SB-327 IoT law took effect, prohibiting the use of default credentials.
“We’re also witnessing a shift away from attacker’s primary motivation of running botnets to conduct DDoS attacks via IoT devices to malware spreading across the network via worm-like features, enabling attackers to run malicious code to conduct a large variety of new attacks,” researchers stated.
Nearly 4.8 billion IoT endpoints were expected to be in use by the end of 2019, and they show no signs of slowing down, according to a 2019 Gartner report.
“With such a significant increase in adoption that shows no signs of slowing down, organizations need to be prepared with a strong IoT security strategy. Our report shows there are a myriad of ways enterprises are being left vulnerable to security threats, which can easily lead to some very dire circumstances if exploited,” researchers concluded.
