46% of Medical IoT Devices Have a Vulnerability, a New Study Reveals
For 53% of institutions, breaches in connected systems affect patients — e.g., lead to delayed surgeries or transfers to other facilities.
Types of IoT devices
In the pursuit of personalized care, medical organizations are adopting IoT devices to collect health-critical information in real time and improve the quality of treatment. A February 2023 report from Cynerio revealed that the most popular types of connected device in hospitals are IV pumps, patients monitors, and glucometers.
More institutions are integrating the readings from remote patient monitoring equipment with centralized medical systems. According to a November 2022 study by CHiME, almost 90% of organizations send EKG information directly to an electronic health records (EHR) system. Additionally, 80% upload blood pressure information, and 76% integrate medication dispensing information. The research also shows that 51% of healthcare organizations integrate wearables data with EHRs.
At the same time, medical IoT devices use a variety of operating systems. CHiME indicates that Linux is by far the most popular, with a 46% share. However, more than half of devices use a variety of heterogeneous proprietary platforms, as well as outdated ones, such as Windows CE. In general, 82% of respondents in a Capterra survey (2022) noted medical devices running an operating system from Microsoft older than Windows 10.
As the use of robotics, sensors, and digital technologies continue to grow, new opportunities for exploitation emerge. A February 2023 report from Health-ISAC found that hospitals with a higher number of connected medical devices faced more cyberattacks and had increased chances of multiple incidents.
This article explores the most common types of vulnerabilities, sheds some light on what to expect in 2023, as well as provides recommendations from IoT security experts.
