The healthcare industry is now considered among the most vulnerable to cyberattacks, a new report has said.
This is according to a new report by Forescout Technologies, who analysed 75 healthcare deployments with more than 10,000 virtual local area networks, as well as 1.5 million devices found on the Forescout Device Cloud.
Healthcare was considered particularly at risk due to the increase in the amount of diverse connected devices, as well as the constant need to apply patches and the challenge of voiding warranties, mishandling updates and educating employees.
Computing devices are still the most common on medical networks, followed by IoT devices (phones, tablets, printers) and OT systems (medical devices, facilities, physical security). In the OT device category, the report identifies patient tracking and ID systems, infusion pumps and patient monitors as most common, concluding that the healthcare industry is facing an increased attack surface.
Most devices run older version of Windows, those that are either no longer supported, or on life support, waiting for Microsoft to pull the plug. “Running unsupported operating systems poses a risk that may expose vulnerabilities and has the potential to impact regulatory compliance,” the report claims.
Diversity of devices and outdated operating systems aside, the report also states that healthcare institutions often have 100 or more vendors, providing them with different devices.
“Patching in healthcare environments, especially acute care facilities, can be challenging and require devices to remain online and available. Some healthcare devices cannot be patched, may require vendor approval or need manual implementation by remote maintenance personnel,” it was added.
Image source: Shutterstock/everything possible