Skip to main content
close search
site logo
Dive Brief

Report names connected medical devices with the biggest cybersecurity risks

Published April 21, 2023
By
Contributor
A series of hexagonal blocks with locks on them, one of which is broken, with a red background.
Andrii Yalanskyi via Getty Images

Dive Brief:

  • Nurse call systems, infusion pumps and medication dispensing technologies are the riskiest medical devices with Internet connectivity, according to security company Armis.
  • The conclusion is based on an analysis of common vulnerabilities and exposures (CVEs). Armis’ assessment found 39% of nurse call systems and 27% of infusion pumps have unpatched critical severity CVEs.
  • The report comes as the U.S. Food and Drug Administration prepares to start requiring medical device makers to provide cybersecurity information as part of their pre-market submissions.

Dive Insight:

The Internet of Medical Things (IoMT) has enabled medical devices to transmit data and physicians to remotely adjust settings to tailor treatments. However, connecting medical devices to the Internet has also created cybersecurity risks, as is shown by the steady stream of reports of vulnerabilities that could allow hackers to access personal health data and interfere with treatment. 

"With increasingly connected care comes a bigger attack surface.”

Mohammad Waqas

Principal solutions architect for healthcare at Armis

“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” Mohammad Waqas, principal solutions architect for healthcare at Armis, said in a statement. 

Seeking to identify the devices that pose the biggest risks to healthcare systems, Armis analyzed data in its security platform. The analysis showed nurse call systems and infusion pumps have the highest number of severely vulnerable unpatched CVEs.

Medication dispensing systems have far fewer so-called “critical severity” unpatched CVEs, at 4%, but are beset by less-severe problems. Armis found 86% of the systems have unpatched CVEs of any severity, compared to 48% of nurse call systems and 30% of infusion pumps. 

Almost one-third, 32%, of the medication dispensing systems run on unsupported versions of Windows. Overall, 19% of devices are running unsupported versions of operating systems. Some medical devices have lifespans that far exceed the amount of time that software providers support operating systems, making outdated versions a key cybersecurity concern.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Echosens Launches its Liver Health Management (LHM) Platform Globally, Streamlining Liver Care
From Echosens
November 04, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Survey Shows Growing Dependence on Contracts Among Medical Device Companies, Even as Contract …
From AcuityMD
October 21, 2024
identifeye Health Unveils AI-Enabled Automated Camera System to Make Retinal Imaging More Acce…
From identifeye HEALTH
October 17, 2024
Editors' picks
Latest in Digital Health
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell