Forescout Vedere Labs identifies medical equipment with the most Schwachstellen

Health care

31.10.2024Forest ranger | Author: Herbert Wieler

Forescout Technologies, Inc. has done a thorough investigation into the company’s cybersecurity, explained the post “Revealing the Persistent Risks of Connected Medical Devices “. Based on the message “The Riskiest Connected Devices in 2024” from June, this study analyzed more than 2 million Geräte in 45 healthcare organizations (healthcare organizations, abgekürzt: HDOs) in the month of May 2024. Die Ergebnisse said a waiting Risiko durch vernetzte medizinische Geräte, I have been working with them since Digital Imaging and Communications in Medicine (DICOM) Workstations and Picture Archiving and Communication Systems (PACS), Pumpensteuerungen and medizinische Informationssysteme since.

Hackerangriffe is one of the main causes of dating protection failures. In 2023, the US Department of Health reported 595 hacking incidents, which was a Durchschnitt von 1.6 Datenschutzverletzungen pro Tag in Gesundheitseinrichtungen entspricht. The new study from Forescout Research – Vedere Labs identifies 162 Schwachstellen, the development of the Internet of Medical Things (IoMT) affects. In most cases, cybercriminal souls are angry with medical care, sensible patients are given information, personal identification of information and medical and treatment history. I fear that fear of health care will increase and patient certainty will immediately increase.

“The ongoing collaboration of IoMT companies has brought new cyber risks, and cyber crime has resulted in financial loss due to the loss of money or the sale of patients on the Dark Web,” said Barry Mainz, CEO of Forescout . These devices can last 10 years or more, and people may be out of touch with modern devices. When you place a bet for the first time, it is very difficult to activate or patch the software, and it is removed as a head for cyber criminals.”

These are the most important points of Forescout-Forschung:

The three hazard risks are critical for HDOs

DICOM workstations and PACS (32% critical, unpatched Schwachstellen), Pumpensteuerungen (26% critical, unpatched Schwachstellen and 20% with more extreme configurations) and Mediterranean information system (18% critical, unpatched Schwachstellen) are highly motivated devices and devices A ferngesteuerten service refusal, zur Offenlegung von Informationen or zur ferngesteuerten Codeausführung führen.

Cyber ​​criminals use the DICOM server

Many organizations have organized a straightforward communication, it was a simple, medizinic view of the DICOM server to work or manipulate, and also to spread malware. From August 2022 to May 2024, the DICOM server will be set to 27.5%. In a Honeypot, from May 2023 to May 2024 sweet, beobachtete Forescout 1.6 Millionen Angriffe auf diese Server, in Durchschnitt an Angriff all 20 Sekunden. When it comes to most scans and automatic processing of scans, standard services with HTTP applications, a few times will be wise to protect patients.

Windows system is defective

Bei der half der Zehn Größten SchwachStellen Handelt Es sich um critical fehler in Windows-Systemen, Die Zu Einer Vollständigen übernahme Eines Geräts Gerät-code Promittierten Netzwerken Verbunden Sind .

The device includes anti-malware protection

52% of IoMT-ready Windows software is used, with 10% of IoMT-ready active malware protection. It is a matter of software and security protection for integrated security, endpoint protection and security and network security.

“Healthcare organizations are increasingly confronted with medical devices that are used in a standardized or non-standardized manner,” said Daniel dos Santos, leader of the Security Research at Forescout Research – Vedere Labs. “A single Schwachstelle can die from sensible patient treatment. Deshalb is the identification and classification of assets, the combination of communication flows in the network, the segmentation of networks and the continuous monitoring of separate companies for the security of network work in healthcare.” Forescout Research – Vedere Labs ist der Branchenführer im Bereich Geräteintelligence, der single and own properties for the Forescout Platform.