Skip to main content
close search
site logo
Dive Brief

Report names connected medical devices with the biggest cybersecurity risks

Published April 21, 2023
By
Contributor
A series of hexagonal blocks with locks on them, one of which is broken, with a red background.
Andrii Yalanskyi via Getty Images

Dive Brief:

  • Nurse call systems, infusion pumps and medication dispensing technologies are the riskiest medical devices with Internet connectivity, according to security company Armis.
  • The conclusion is based on an analysis of common vulnerabilities and exposures (CVEs). Armis’ assessment found 39% of nurse call systems and 27% of infusion pumps have unpatched critical severity CVEs.
  • The report comes as the U.S. Food and Drug Administration prepares to start requiring medical device makers to provide cybersecurity information as part of their pre-market submissions.

Dive Insight:

The Internet of Medical Things (IoMT) has enabled medical devices to transmit data and physicians to remotely adjust settings to tailor treatments. However, connecting medical devices to the Internet has also created cybersecurity risks, as is shown by the steady stream of reports of vulnerabilities that could allow hackers to access personal health data and interfere with treatment. 

"With increasingly connected care comes a bigger attack surface.”

Mohammad Waqas

Principal solutions architect for healthcare at Armis

“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” Mohammad Waqas, principal solutions architect for healthcare at Armis, said in a statement. 

Seeking to identify the devices that pose the biggest risks to healthcare systems, Armis analyzed data in its security platform. The analysis showed nurse call systems and infusion pumps have the highest number of severely vulnerable unpatched CVEs.

Medication dispensing systems have far fewer so-called “critical severity” unpatched CVEs, at 4%, but are beset by less-severe problems. Armis found 86% of the systems have unpatched CVEs of any severity, compared to 48% of nurse call systems and 30% of infusion pumps. 

Almost one-third, 32%, of the medication dispensing systems run on unsupported versions of Windows. Overall, 19% of devices are running unsupported versions of operating systems. Some medical devices have lifespans that far exceed the amount of time that software providers support operating systems, making outdated versions a key cybersecurity concern.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
New Published Study Shows MedLite ID as Faster and Simpler Solution to Primary Medication Infu…
From Orion Innovations
November 20, 2024
Arsenal Medical Launches EMBO-02 Study for NeoCast™ to Assess Treatment of Chronic Subdural He…
From Arsenal Medical
November 14, 2024
SYNDEO Medical Announces European MDR Approval for Two Product Brands
From SYNDEO Medical
November 06, 2024
Osteal Therapeutics Announces Positive 12-Month Results from the APEX Clinical Trial Program a…
From Osteal Therapeutics
November 14, 2024
Editors' picks
Latest in Digital Health
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell