iot health

IoT Evolution Health News

IoT Evolution Health Home

ZingBox Report Analyzes Connected Medical Devices for IoT Security Vulnerabilities

By Ken Briodagh
March 07, 2018

ZingBox, an IoT security solutions company , recently announced the findings of its first-ever Medical Devices Threat Report. ZingBox researchers detected, identified and analyzed the behavior of medical devices deployed in more than 50 hospitals, clinics, and other healthcare locations.

The report looks at a wide range of medical devices, from infusion pumps and patient monitors to imaging systems and medical device gateways, highlighting vulnerabilities in hospital networks and shedding light on the causes of common security events. Over the course of 2017, ZingBox analyzed tens of thousands of devices resulting in security issues covering vulnerabilities from user issues to outdated software.

“This groundbreaking report gives us a new, widescale view of connected healthcare devices and enables us to pinpoint not just where the vulnerabilities are, but what types of issues are triggering security issues. The report's findings closely mirror what we have been hearing from our customers about incidents, risks, and related challenges,” said Xu Zou, CEO and co-founder, ZingBox. “Many organizations don't have a clear picture of the vulnerabilities on their networks — or even what devices are connected on those networks. The insights in this report will help them shape their security efforts and prioritize the most critical risks based on concrete data not previously available.”

ZingBox's Threat Report provides a detailed analysis of the types of devices, most common risk areas, and steps that can be taken to significantly improve security. The most common types of security risks reportedly originate from user practice issues, or human error. Some examples are: using embedded browsers on medical workstations to surf the web, conduct online chat or download content. This class accounts for 41 percent of all security issues, according to the report. Outdated OS or legacy software, obsolete applications and unpatched firmware were the next biggest category, representing 33 percent of all security risks found on connected medical devices.

The report showed that infusion pumps are the most widely deployed connected medical devices but are not the leading cause of security issues. Imaging systems rank number one, acting as the source for 51 percent of all security issues.

“It is interesting to point out that while infusion pumps make up nearly 50 percent of connected devices in hospitals, they don't represent the largest cyberattack surface,” said Zou. “Security issues relating to infusion pumps were only at two percent. However, attention to protecting these devices should still be a priority since a successful attack on a single infusion pump could result in disabling the bulk of all infusion pumps through lateral movement and infection.”

Additional findings from the report include:

  • Medical devices make up less than a quarter of all devices found in dedicated medical networks
  • 43 percent of devices in networks dedicated for medical devices consist of PCs
  • Use of unauthorized applications (22 percent) and browsers (18 percent) make up the bulk of user practice issues and are the leading security issues for connected medical devices

“This report, and the extensive analysis behind it, represents a pivotal step forward. Understanding how vulnerabilities enter our networks is critical to protecting patient data and safety in healthcare settings,” said Zou. “As we continue to gain more knowledge about how attacks enter our systems, we can better arm our staff and networks to prevent these dangerous events.”

To download the full report, click here

Ken Briodagh is a writer and editor with more than a decade of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.

Edited by Ken Briodagh

Editorial Director

Related Articles

Contact Tracing Available on Identiv Platform

By: Ken Briodagh    6/2/2020

Identiv has made available Hirsch Velocity Software with Contact Tracing via free download for Hirsch customers in order to support worldwide office r…

Read More

IoT Time Podcast S.5 Ep.19 Great Lakes Water Authority

By: Ken Briodagh    5/29/2020

In this episode of IoT Time Podcast, Ken Briodagh sits down with Ali Abdallah, Engineer and Infrastructure Manager at the Great Lakes Water Authority,…

Read More

AT&T and Cradlepoint Team up on Wireless WAN and a 5G Future

By: Ken Briodagh    5/18/2020

AT&T Simplifies Pathway to 5G with Cradlepoint, New Offerings include FirstNet Wireless Edge Solutions and Wireless WAN

Read More

Smartrac And Suku To Authenticate COVID-19 Tests And PPE with NFC, Blockchain

By: Ken Briodagh    5/18/2020

Smartrac and blockchain startup SUKU have together launched a digital verification solution designed to authenticate COVID-19 testing kits and persona…

Read More

Wireless Cybersecurity Protection for Remote Office Workers Comes for IT and IoT

By: Ken Briodagh    5/15/2020

802 Secure announced it has released a new solution to help protect the remote office worker from the challenges of the evolving cyber threats of wire…

Read More