Why Medical Devices Are Vulnerable?
Unlike typical computers and devices, most medical devices lack the proper mechanism for security software patching. Due to their long lifespan, it is quite common to find operational medical devices with very old, unpatched operating systems. Moreover, even if updates are possible, as software vulnerabilities are discovered, medical devices remain unprotected for long periods due to long and heavy development validation processes.
Insufficient Security Controls
The majority of medical devices lack basic cybersecurity controls for continuous endpoint security such as EDR (Endpoint Detection and Recovery), anti-virus, firewalls and other authentication mechanisms which are an integral part of the IT toolbox.
Lack of Visibility
Unlike other network assets, connected medical devices are hardly visible in the native IT control systems. IT teams are unable to quantify and identify the devices in real time and as such are unaware of their cybersecurity risk status. Furthermore, it is impossible to recognize compromised medical devices.
You cannot protect what you cannot see.