According to CyberMDX, medical devices pose a serious threat to healthcare organizations (HCOs) and are twice as likely as general network devices to be vulnerable to BlueKeep.

The 2020 Healthcare Security Vision Report found that thirty percent of US healthcare organizations have experienced a cyber-attack over the last 12 months. These breaches reportedly cost an average of $6.45 million, a figure sixty-five percent higher than the cross-industry average. This is the ninth year in a row that HCOs have suffered the highest cost of a breach.

Connected devices are a growing source of risk for these organizations, as many are left unpatched and unmanaged. Eleven percent of organizations reportedly do not implement patches or software updates, and nine percent apply patches and updates only after an attack. Additionally, the report found that a typical hospital will have patched only forty percent or fewer of its vulnerable devices over four months after a bug is disclosed.

The report found that 55% of imaging devices run unpatched or outdated versions of Windows, leaving them vulnerable to BlueKeep. BlueKeep is a remote code execution (RCE) flaw in Windows Remote Desktop Services (RDS) that allows an attacker to take control of a machine to spread malware or launch data-stealing attacks. It affects Windows XP to Windows 7 as well as Server 2003 and Server 2008 R2 computers. BlueKeep spreads without user interaction in a way that's similar to the EternalBlue exploit that allowed WannaCry to wreak havoc at the NHS.

Shockingly, the report found that over twenty-five percent of HCOs do not possess a full inventory of connected devices, while 13% claim theirs is unreliable. Even worse, a third of organizations reportedly do not identify, profile or continuously monitor medical devices, while twenty-one percent do this manually, something that's not sustainable given the massive number of endpoints. Given this information, it should come as no surprise that the average hospital has lost track of thirty percent of its devices.

Things get even more uncomfortable when you learn that at least ten hospitals had to turn away patients last year due to ransomware attacks. Three of those hospitals were US-based, while the remaining seven were in Australia. This threat is projected to only get worse moving forward, posing a fundamental threat to patient safety. 

If you're a hospital executive, these stats should have you very concerned. Hospitals are not doing nearly enough to defend against these threats. To protect against these attacks, HCOs will need to continuously review configuration practices and implement network segmentation, vulnerability monitoring, patching and upgrading, as well as access controls.

Copyright 2020, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.