Protecting Critical Devices Requires Protecting ALL Devices
By now we are aware of how much the growth of IoT has impacted the healthcare industry. Connected medical devices have transformed medicine. And while these devices have improved efficiency and dramatically improved patient outcomes, their rise has been accompanied by both increases in cyber attacks and a shift in the way attackers attempt to exploit vulnerabilities.
With the emergence of IoT as the #1 attack vector, hospitals and healthcare organizations have begun to focus on securing their connected medical devices (commonly referred to as the Internet of Medical Things, or IoMT). Unfortunately, focusing only on IoMT can leave gaping holes in a network’s security.
Imagine that your organization has a security platform that allows you to see all of the IoMT devices on your network. You can see devices that appear to be safe, and perhaps your team has partitioned off those devices that pose a potential threat.
But what about security cameras, connected building control systems, printers, and other IoT devices? Without being able to see these devices, how can you be certain that they can’t be used to gain access to your network? An attacker exploiting a vulnerability in a security camera may be able to use that vulnerability to gain access to important patient data, or worse. Because IoT devices interact with the physical world, an attacker who has gained access to a hospital’s network may be able to threaten physical harm, system shutdowns, and loss of life.
Being able to see every device on your network is still only part of the picture. Because of the complex supply chains involved in the manufacturing of medical and other IoT devices, it’s not possible to truly assess the risk associated with each device without looking deep into its firmware.
For example, Finite State recently analyzed a popular patient monitor used in healthcare facilities across North America. Though the device had only three vulnerabilities reported against it in the National Vulnerability Database, our firmware analysis uncovered 1,164 known CVEs associated with the software components embedded in the device’s firmware. (We discussed this in more detail in an earlier blog post.)
This means that even IoMT devices that seem secure can pose a greater risk than anticipated. Firmware analysis is the critical first step in discovering these vulnerabilities.
Seeing the Whole Picture
IoT security is complex, and it’s clear that traditional cybersecurity is no longer enough. Device visibility and firmware analysis are crucial to understanding and mitigating the risk associated with the hundreds of connected devices found on our networks. Seeing only part of the picture leaves healthcare organizations and the people they serve at greater risk than ever before.