While patient safety risks posed by unpatched security vulnerabilities in legacy medical devices often grab headlines, healthcare entities must not underestimate the serious business risks involving other poorly secured IoT and OT gear used in their environments, said Mohammad Waqas of security firm Armis.
Risks range from patient data privacy breaches to attackers hijacking an entire hospital network, he said, citing a recent Armis research study (see: Most Common Connected Devices That Pose Risks to Hospitals).
“If one device on the network is compromised … and an attacker takes control of that, they can very easily pivot over and take control of medical devices, IP cameras, nurse call systems and facility systems,” he said. “That’s why we’re seeing a lot of focus on healthcare organizations now trying to go under a segmentation project, trying to break up their networks and secure them into smaller chunks.”
In this interview with Information Security Media Group, Waqas also discussed:
- Key findings from a recent security study about OT, IoT and other devices used in healthcare environments;
- Why nurse call systems and similar connected gear are among the riskiest devices used in healthcare settings;
- Steps healthcare organizations can take to better mitigate security risks involving legacy devices.
As principal solutions architect for healthcare at Armis, Waqas helps healthcare organizations globally secure unmanaged, IoT and medical devices. He has over a decade of experience in the healthcare cybersecurity industry.