Exposed Devices and Supply Chain Attacks: Overlooked Risks in Healthcare Networks (Trend Micro)
“We discovered exposed medical systems — including those that store medical-related images, healthcare software interfaces, and even misconfigured hospital networks — which should not be viewable publicly. While a device or system being exposed does not necessarily mean that it is vulnerable, exposed devices and systems can potentially be used by cybercriminals and other threat actors to penetrate into organizations, steal data, run botnets, install ransomware, and so on. Furthermore, it shows that a massive amount of sensitive information is publicly available when they shouldn’t be.”
The article linked above and the companion Trend Micro blog post, along with the entire 61 page pdf report (available here) do a really good job of covering the range of threats confronting healthcare networks today.
The internet of things (IoT) offers so much of benefit — remote monitoring, diagnosis, collaboration, home healthcare, devices, etc. — to healthcare providers and patients that it is inconceivable that it will be abandoned. There are, however, significant privacy and health outcome risks associated with putting practically every software application, sensor, device and record within reach of the internet.
How large healthcare providers harness the IoT for better care delivery while minimizing the associated risks will go a long way toward sorting out the winners and losers in the business of healthcare.
Cyber security, identity assurance, and training are of critical importance if the promise of the healthcare IoT is to be kept for healthcare providers and patients alike.