Press ReleaseCyber Crime & ForensicCyber SafetyDevice & IoT

Forescout Vedere Labs Unveils Riskiest Connected Medical Devices

Report Identifies 162 Vulnerabilities, Potentially Exposing Patient Data, Disrupting Healthcare Operations, and Posing Risks to Patient Safety

Forescout Technologies, Inc., a global cybersecurity leader, has published the “Unveiling the Persistent Risks of Connected Medical Devices” report. Building on “The Riskiest Connected Devices in 2024” report from June, this research analyses more than 2 million devices across 45 healthcare delivery organizations (HDOs) during the last week of May 2024.
The findings of the Forescout study reveal a growing risk from connected medical devices, with the most vulnerable listed as Digital Imaging and Communications in Medicine (DICOM) workstations and Picture Archiving and Communication Systems (PACS), pump controllers and medical information systems.

What Forescout Found 

Forescout research key findings include:

The top 3 riskiest devices are critical to HDOs.

DICOM workstations and PACS (32% critical unpatched vulnerabilities), pump controllers (26% critical unpatched vulnerabilities and 20% with extreme exploitability), and medical information systems (18% critical unpatched vulnerabilities) are the most at-risk medical devices and could lead to remote denial of service, information disclosure or remote code execution.

Cybercriminals increase attacks against DICOM servers. 

Many organisations use unencrypted communications, allowing attackers to obtain or tamper with medical images from DICOMs, including to spread malware. From August 2022 to May 2024, exposed DICOM servers increased by 27.5%. From a honeypot running from May 2023 to May 2024, Forescout observed 1.6 million attacks on these servers, averaging one attack every 20 seconds. While most attacks are scans and automated attempts to exploit standard services such as HTTP, some aim to steal sensitive patient data.

Windows systems are at risk.

Half of the top 10 vulnerabilities are critical flaws in Windows systems that can lead to a full takeover of a device via remote code execution and could be exploited by malware if medical devices are online or connected to compromised networks. 

Devices lack anti-malware protection.

Although 52% of IoMT devices are running Windows software, only 10% of all IoMT are actively running anti-malware. This is likely due to software and certification restrictions for embedded devices, making endpoint protection more challenging and highlighting the need for stronger network security.

Please refer below for detailed information on the report:

Riskiest Medical Devices Report: https://www.forescout.com/resources/iomt-persistent-risk-report/

Blog post: https://www.forescout.com/blog/research-isolating-the-persistent-risk-of-iomt-devices/

 

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *