Measuring Security Risk in a Medical IoT World

The medical internet of things (IoT) is no longer a futuristic concept. It is here today, and it includes devices you may have never considered a part of the patient care ecosystem, such as elevators, beds, exit signs and clocks. Between those operational technologies and the devices the U.S. Food and Drug Administration (FDA) has already deemed critical, the healthcare vulnerability landscape continues to expand, with each connected device potentially elevating the risk of an attack.


The Vulnerability Scanning Conundrum


With medical devices becoming connected devices, we have seen vulnerability scanning become commonplace among many hospitals. The main drivers seem to be regulatory mandates, high-profile breaches and the overall concern that one compromise could potentially impact patient health. The challenge, however, is that with hundreds of medical IoT — or internet of medical things (IoMT) — devices connecting to the network, scans can produce an endless pile of vulnerabilities.


Deciding which vulnerabilities should be remediated first can be challenging, and for the hospitals that do prioritize their remediation efforts, basing actions solely on technical risk may not be sufficient. For example, let's say a device has 10 vulnerabilities. Focusing on the technical risk means security teams only assess what those vulnerabilities can do to the device itself. If one vulnerability could shut down a device, then it may be bumped to the top for remediation. That strategy, however, can omit key contextual information, such as whether the device is attached to a patient, what services the device delivers, which other ..
