Grows the cyber risk for connected medical and IoT devices. Nurse call systems are the devices most exposed to attacks, followed by infusion pumps and drug delivery systems. Even IP cameras, printers and Voice Over Internet Protocol (VoIP) devices are among the top of a list compiled by research by Armsa company specializing in solutions for the visibility and security of assets, through the study of the data analyzed by the platform Armis Asset Intelligence and Security Platform.
The evidence of the Armis research
By 2026, smart hospitals are expected to employ more than 7 million devices IoMT (Internet of Medical Things), doubling the amount compared to 2021. Medical and non-medical devices are therefore destined to be increasingly connected, automatically providing patient data from monitoring devices to electronic records. These connections and communications within a healthcare environment help improve patient care, but they also make it increasingly vulnerable to potential cyberattackswhich could cause you to stop getting your health care.
The PNNR allocates more than 7 billion to healthcare facilities: how to exploit them for Smart Health
From a comprehensive data analysis of all connected IoT and medical devices on the Armis Asset Intelligence and Security platform, it already emerges that, as mentioned, nurse call systems they are the most at risk connected medical device, with 39% of them presenting Common Vulnerabilities and Exposures (Cve) unpatched critical severity and nearly half (48%) with unpatched Cve. The infusion pumps are in second place, with 27% having CVEs without critical severity patches and 30% having CVEs without patches. They follow drug delivery systems, with 4% critical severity Cve unpatched, but 86% Cve unpatched. Additionally, 32% are using unsupported versions of Windows.
Furthermore, Nearly one in five connected medical devices (19%) are running unsupported OS versions. More than half of monitored IP cameras in clinical settings have unpatched CVEs of critical severity (56%) and unpatched CVEs (59%), making them the riskiest IoT device. Then there are the printerswith 37% unpatched Cve and 30% unpatched critical severity Cve, and VoIP devices: Although 53% of them have unpatched CVEs, only 2% have unpatched CVEs of critical severity.
“These numbers are a strong indicator of the challenges healthcare organizations face globally. Advances in technology are essential to improve the speed and quality of care delivery, with the industry grappling with a shortage of care providers, but with increasingly connected care also comes a greater attack surface ”, he comments Mohammad Waqas, Principal Solutions Architect for Healthcare at Armis. “Protecting all types of connected devices, medical, IoT, even building management systems, with complete visibility and continuous and contextual monitoring is a key element to ensure patient safety”.
The IT challenges for the healthcare sector: lack of personnel
Cybersecurity threats in the healthcare sector are also the focus of new research Extreme Networks entitled “Emerging from the Covid Pandemic“, created in collaboration with the Healthcare Information and Management Systems Society. In this case, the study highlights how some of the issues affecting productivity in the healthcare sector, including personnel, the lack of budget and precisely cybersecurity may all be symptoms of a larger underlying problem: underinvestment in technology, and particularly in network infrastructure, to support the needs of modern healthcare organizations. The survey polled 100 healthcare executives and IT/technology decision makers in the United States.
59% of respondents ranked cybersecurity challenges among their top three organizational challenges, and 54% ranked cybersecurity as the most important investment for the next 12-18 months. Thirty-six percent ranked next-generation healthcare applications as their most important technology investment, and 75% of technology decision-makers with purchasing power said they plan to upgrade cloud infrastructure in the next 12-18 months.
93% of respondents agree that the network plays an important role in the success of hospital operations and patient experience: 96% of the sample uses Wi-Fi to enable the mobile devices of clinical staffwhile 83% rely on Wi-Fi for patient monitoring.
The shortage of IT staff it’s not just about securitybut has a significant impact on clinical productivity: 47% of respondents listed IT staff shortages as one of their top three challenges for the next few years.
McKinsey: a new approach to cybersecurity for the IoT
The healthcare sector, however, represents only a slice of a market that will increasingly need solutions capable of securing connected objects and IoT systems. A new study by McKinsey & Company by title “Cybersecurity for the IoT: How trust can unlock value”, which analyzes the potential of the Internet of Things and the growth possibilities given by the convergence with cybersecurity, says that by 2030, the market for IoT vendors could reach an estimated $500 billionwith a Cagr of 11% from 2025 to 2030. The convergence between cybersecurity and IoT, today a still fragmented solution, it could represent the main road for the latter to reach its full potential as a completely interconnected ecosystem.
The study showed that it exists a gap between IoT buyers and vendors on IoT adoption timelines, digital privacy, digital trust considerations and the degree of delay in adoption due to fragmented decision-making processes. Knowledge of some of these elements would help future leaders of the tech sector, on both the buyer and supplier side, to understand the needs of the other party and thus unlock value for the sector.
At the same time, cybersecurity solutions will have to undergo customization at the product levelwhile also considering an end-to-end approach that considers security across the entire scope of the data architecture for IoT use cases.
For the purpose of the study, McKinsey conducted a survey of companies and decision makers from around the world on the topic of IoT. Survey participants, across all industries, cite cybersecurity deficiencies as a major barrier to IoT adoption (30%). 40% of respondents also indicate that they would increase IoT budget and penetration by 25% or more if cybersecurity issues were resolved.
Approximately 80% of the IoT vendors surveyed are incorporating security in some form into their IoT products and approx 70% of cybersecurity vendors are building IoT-specific products, indicating early signs of convergence.
Cybersecurity interventions can benefit all sectors, but some sectors are inclined to exploit the value of the IoT to a greater extent. Those with the highest cyber risk also have the highest value to unlock through improved cybersecurity practices; among these, in addition to health care, there are the manufacturing and industrial sectors, mobility and transport and smart-cities.
Most IoT systems today are designed for a one-way flow of data – from sensor monitoring to data analysis – controlled by humans. Transitioning IoT cybersecurity to a holistic, system-wide approach can enable the transition to IoT systems that need no human interface. This would involve a change in how IoT solutions are designed and implemented, which occurs in the case of a convergence. Convergence can be architectural, parallel design, or adding software. Architecturally, IoT solution providers embed secure code into underlying software at all levels of the technology stack (including firmware and hardware). At the parallel design level, IoT solution providers and cybersecurity solution providers collaborate strategically during the IoT system design process (for example, from platform to cloud). With software add-ons, IoT solution providers install additional cybersecurity solutions to protect applications.
@ALL RIGHTS RESERVED