Healthcare industry failing on cybersecurity

(Image credit: Shutterstock/Wichy)

Healthcare institutions are still rocking that 10-year-old Windows 7 or Windows Server 2008, putting themselves at serious risk of cybersecurity breaches, data theft, ransomware and all other kinds of nasties.

This is according to a new report by Forescout, based on the analysis of 75 healthcare deployments with more than 10,000 virtual local area networks (VLANs) and 1.5 million devices contained within the Forescout Device Cloud.

To add insult to injury, the fact that 71 per cent of devices run on Windows 7 is not the only major issue – the diversity of device vendors also adds to the complexity and increases challenges.

Forty per cent of healthcare deployments had more than 20 different operating systems. Almost a third (30 per cent) of healthcare deployments had 100 or more device vendors on their network. In such an environment, patching becomes a challenge, too.

“Some healthcare devices cannot be patched, may require vendor approval or need manual implementation by remote maintenance personnel,” the report states.

Eighty-five per cent of devices on medical networks running Windows had the Server Message Block (SMB) protocol turned on, allowing uncontrolled access for attackers to get beyond the perimeter and move laterally.

“Device manufacturers sometimes leave network ports open by default—often unbeknownst to IT and security staff,” the report adds.

“Our findings reveal that healthcare organisations have some of the most diverse and complex IT environments, which are compounded due to compliance risks,” said Elisa Costante, head of OT and Industrial Technology Innovation at Forescout.

“Every time a patch is applied, there is concern around voiding a warranty or impacting patient safety. These organisations are dealing with lifesaving devices and extremely sensitive environments.”

Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.