According to CyberMDX, medical devices pose a serious threat to healthcare organizations (HCOs) and are twice as likely as general network devices to be vulnerable to Bluekeep. 

The 2020 Healthcare Security Vision Report found that thirty percent of US healthcare organizations have experienced a cyber-attack over the last 12 months. These breaches reportedly cost an average of $6.45 million - a figure sixty-five percent higher than that of the cross-industry average. This is the ninth year in a row that HCOs suffer the highest cost of a breach.

Connected devices are a growing source of risk for these organizations as many are left unpatched and unmanaged. Eleven percent of organizations reportedly do not implement patches or software updates and nine percent only apply patches and updates after an attack. Additionally, the report found that a typical hospital will have patched only forty percent or fewer vulnerable devices over four months after a bug is disclosed.

The report found that 55% of imaging devices run unpatched or outdated versions of Windows, leaving them vulnerable to Bluekeep. Bluekeep is an RCE flaw found in Windows Remote Desktop Services (RDS) that allows an attacker to take control of a machine to spread malware or launch data-stealing attacks. It affects Windows XP to Windows 7 as well as Server 2003 and Server 2008 R2 computers. Bluekeep spreads without user interaction in a way that's similar to the EternalBlue exploit that allowed WannaCry to wreak havoc at the NHS. 

Shockingly, the report found that over twenty-five percent of HCOs do not possess a full inventory of connected devices, while 13% claim theirs is unreliable. Even worse, a third of organizations reportedly do not identify, profile or continuously monitor medical devices, while twenty-one percent do this manually, something that's not sustainable given the massive amount of endpoints. Given this information, it should come as no surprise that the average hospital has lost track of thirty percent of its devices. 

Things get even more uncomfortable when you learn that at least ten hospitals had to turn away patients last year due to ransomware attacks. Three of those hospitals were US-based, while the remaining seven were in Australia. This threat is projected to only get worse moving forward, posing a fundamental threat to patient safety. 

If you're a hospital executive, these stats should have you very concerned. Hospitals are not doing nearly enough to defend against these threats and to protect against these attacks HCOs will need to continuously review configuration practices, implement network segmentation, vulnerability monitoring, patching and upgrading, as well as access controls. 

>> Learn about NNT's security suite for the healthcare industry

>> Learn about the problem with running outdated software in our latest whitepaper

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.