Researchers explore real-world deployment of connected medical devices

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

ZingBox researchers detected, identified and analyzed the behavior of medical devices deployed in more than 50 hospitals, clinics, and other healthcare locations.

connected medical devices

Researchers looked at a wide range of medical devices, from infusion pumps and patient monitors to imaging systems and medical device gateways, highlighting vulnerabilities in hospital networks and shedding light on the causes of common security events.

Over the course of 2017, ZingBox analyzed tens of thousands of devices resulting in security issues covering vulnerabilities from user issues to outdated software. This data provides an unprecedented view into the makeup of a connected healthcare ecosystem and the common vulnerabilities introduced by IoT medical devices.

“Many organizations don’t have a clear picture of the vulnerabilities on their networks — or even what devices are connected on those networks,” said Xu Zou, CEO at ZingBox.

Most common security risks

The most common types of security risks were found to originate from user practice issues (e.g., using embedded browsers on medical workstations to surf the web, conduct online chat or download content), accounting for 41 percent of all security issues.

This was followed by outdated OS or software such as the use of legacy Windows OS, obsolete applications and unpatched firmware. These issues account for 33 percent or one-third of all security risks found on connected medical devices.

Infusion pumps are the most widely deployed connected medical devices but are not the leading cause of security issues. Imaging systems rank number one as it is the source for 51 percent of all security issues.

“It is interesting to point out that while infusion pumps make up nearly 50 percent of connected devices in hospitals, they don’t represent the largest cyberattack surface,” added Zou. “Security issues relating to infusion pumps were only at two percent. However, attention to protecting these devices should still be a priority since a successful attack on a single infusion pump could result in disabling the bulk of all infusion pumps through lateral movement and infection.”

connected medical devices

Additional findings

  • Medical devices make up less than a quarter of all devices found in dedicated medical networks
  • 43 percent of devices in networks dedicated for medical devices consist of PCs
  • Use of unauthorized applications (22 percent) and browsers (18 percent) make up the bulk of user practice issues and are the leading security issues for connected medical devices.

“As we continue to gain more knowledge about how attacks enter our systems, we can better arm our staff and networks to prevent these dangerous events,” said Zou.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.