The riskiest connected healthcare devices continuing to pose a threat in 2023


The rise of digital technology within healthcare is nothing new, but it has been significantly shaped, and accelerated, by the pandemic. In recent years, technological advances have ramped up right across the healthcare sector to plug the gaps created by the absence of physical interaction.

Pre-pandemic, there was plenty of evidence of cutting-edge tech within healthcare. For instance, in the form of lab robots, digital records, data sharing, apps, remote monitoring devices and so on. At the same time, increasingly-sophisticated AI and robotics-fuelled innovations are being introduced and continue to be developed. Examples include connected wound dressings, 3D-printed implants and joints, and wearable biosensors designed to monitor patient health.

This wave of continuous tech innovation means endless opportunities to work smarter, improve patient satisfaction and tackle backlogs, among many other things. But it also means the healthcare sector is more vulnerable to cybersecurity attacks than ever before.

In 2021, 45 million people were affected by healthcare-related cyberattacks, up from 34 million in 2020. Last year, there were 46 data breaches in February alone, impacting 2.5 million people. The catalyst: the extensive range and scale of Internet of Medical Things (IoMT) that now exist within the sector.

While these connected devices are capable of achieving great things, they are also highly susceptible to being compromised by persistent cybercriminals. For example, Ireland’s equivalent of the NHS, the Health Service Executive (HSE) was struck by a cyberattack in 2021 through its national and local IT systems. The perpetrators used ransomware to prise open both its IT systems and once inside, locked access to patient data, damaged varying services and disabled medical equipment.

Alongside Internet of Medical Things (IoMT) devices, IT, Internet of Things (IoT) and Operational Technology (OT) devices are all at risk of being targeted once, twice or multiple times and in numerous ways. To highlight the true scale of the issue, the risk posture of more than 19 million devices across financial services, government, healthcare, manufacturing and retail were analysed to reveal the riskiest connected devices of 2022.

X-ray machines and patient monitors are among the riskiest IoMT devices

Connected medical devices have the potential to jeopardise both healthcare delivery and patient safety. Of the 45 million people who were impacted by healthcare-related cyber-attacks last year, a large proportion of them were affected by ransomware.

Ransomware attacks have the potential to trigger a domino-type effect, spreading to other parts of the network with other different medical devices and stopping them in their tracks. Besides the aforementioned HSE attack, other healthcare-related ransomware attacks include WannaCry in 2017, which saw an ambush on a hospital in Alabama affecting foetal monitors in 2019.

As a result of attacks like these, the NHS has introduced the Data Security and Protection Toolkit (DSPT) which outlines the best practice security controls NHS Trusts should have in place. Through this regulatory compliance mandate, all organisations that have access to NHS patient data and systems must complete the self-assessment to confirm they are practising sufficient data security.

In terms of the riskiest devices, research has revealed that DICOM workstations, nuclear medicine systems, imaging devices and PACS, which all relate to medical imaging, are ranked as the top five. Often, these devices run legacy-vulnerable IT operating systems, have extensive network connectivity to allow for sharing imaging files, and use the DICOM standard for sharing these files. The protocol supports message encryption, which is configured by individual healthcare organisations. But if left unencrypted, it not only provides a pathway for attackers to spread malware to other devices on the network, but to get hold of, and tamper with, medical images.

It is no surprise that patient monitors are widely recognised as being among the most common medical devices within healthcare organisations. However, they are also among the most vulnerable. Like medical imaging devices, they often communicate with unencrypted protocols, which means their readings can be tampered with by attackers.