As healthcare operators continually rely on medical devices in workflows, unsupported devices are likely to become more vulnerable to cyberattacks, according to a report from medical device and internet of things company Forescout.
The findings underscore that as medical devices can do more and become more prevalent, the risk of cyberattacks also grow.
Healthcare operators these days are utilizing a number of different devices on medical networks, though more than half are still traditional computing devices, while nearly 40% are IoT devices, such as network printers, tablets, and smart TVs.
Of devices that run Windows, 71% will see their software expire in 2020, opening up the risk of cyberattacks, according to Forescout.
“Running unsupported operating systems poses a risk that may expose vulnerabilities and has the potential to impact regulatory compliance,” the report reads.
Furthermore, the vast majority––85%––of medical devices running Windows OS had a protocol called Server Block Messaging turned on, “allowing uncontrolled access for attackers to get beyond the perimeter and move laterally,” the report reads. This network port may have been left on by default by the device manufacturer and never corrected by security IT staff at a healthcare facility.
The report comes at a time when cyberattacks on health information continue to grow. A survey conducted in 2018 found that 1 in 3 healthcare organizations had experienced a cyberattack in the last year.