As ransomware attacks against hospitals become more sophisticated and sophisticated, healthcare facilities face another major challenge – ageing medical equipment, vulnerable to new emerging security threats.
Obsolete medical equipment used in healthcare facilities was developed at a time when cybersecurity functions were not yet implemented, writes MedTech Dive. Many devices use outdated, non-updated software, hardware, and protocols that were not designed with cybersecurity in mind, putting healthcare facilities at risk of cyberattacks and damaging the reputation and financial stability of hardware manufacturers.
Despite the cybersecurity threat, the number of connected medical devices used in medical facilities is growing rapidly, according to IBM specialists. Over the next decade, the number of connected medical devices is projected to grow from 10 billion to 50 billion.
The main obstacle to addressing vulnerabilities in obsolete medical equipment is a lack of financial and human resources, compared to other priorities in healthcare facilities. In other words, replacing hardware or fixing vulnerabilities in devices that have been in use for a long time is not cost-effective.
According to Mike Rushanan, director of medical device security at Harbor Labs, the problem is that security analysts and regulators are “too busy fixing potential vulnerabilities in new devices to waste time on medical systems in clinical practice for many years. However, the same cannot be said for the hacking community, which has sufficient resources and patience to constantly find new vulnerabilities.
Cybersecurity experts believe that identifying and categorizing medical devices running legacy operating systems is critical to mitigating risks and recommend segmenting devices that cannot be retired or repaired to restrict access to critical information and services only.
Catch up on more articles here
Follow us on Twitter here