Security News

A Software Advice survey revealed how cyberattacks can negatively impact healthcare providers by threatening core functions and patient privacy. According to findings, 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years.

Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years. According to the survey, the majority of both small and large practices said between 81% and 100% of all their data is stored digitally.

The genesis of this resource was the recognition that medical device cybersecurity responsibility and accountability between Medical Device Manufacturers and Health Delivery Organizations is complicated by many conflicting factors, including: uneven MDM capabilities and investment in cybersecurity controls built into device design and production; varying expectations for cybersecurity among HDOs; and high cybersecurity management costs in the HDO operational environment throughout the device lifecycle. The purpose of this Model Contract Language is to offer a reference for shared cooperation and coordination between HDO's and MDM's regarding the security, compliance, management, operation, services, and security of MDM-managed medical devices, solutions, and connections.

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses - three of which are rated Critical in severity - potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.

A set of seven vulnerabilities collectively tracked as Access:7 have been found in PTC's Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors. Developed by Parametric Technology Corporation, the Axeda platform through locally deployed agents provides telemetry data from IoT devices on the network and the option for remote service.

March 2022 Patch Tuesday forecast: Pressure mounts to resolve vulnerabilitiesFebruary 2022 Patch Tuesday was an anomaly. How to empower IT Sec and Ops teams to anticipate and resolve IT problemsEvery IT system administrator knows the misery of facing a problem for which the root cause requires hours to unearth, all the while part of the IT infrastructure entrusted to them is unavailable to users, open to attack, or not compliant with mandatory security standards.

Data collected from more than 200,000 network-connected medical infusion pumps used to deliver medication and fluids to patients shows that 75% of them are running with known security issues that attackers could exploit. Using data collected from customers, researchers at Palo Alto Networks analyzed the security state of over 200,000 infusion pumps and found that between 30,000 and at least 100,000 of them are vulnerable to critical security issues.

Guarding intellectual property has always been a priority for medical device manufacturers as competitors and even nation states are constantly trying to compromise or steal IP. For example, in January 2019, a Chinese national who stole secrets while working for medical device companies including Medtronic and Edwards, was sentenced to over two years in federal prison. Medical device companies face a very competitive environment, increasing the incentive for IP theft.

The rush to roll out remote healthcare has also unleashed a universe of wearable medical devices to collect sensitive data, which researchers say are widely vulnerable to attack. Analysts with Kaspersky Labs reported finding 33 vulnerabilities last year in the most widely used data transfer protocol for internet of things medical devices, known as MQTT - that's 10 more than the previous year.

After a year of unprecedented ransomware attacks on hospitals and healthcare systems - and with healthcare now the #1 target for cybercriminals - critical medical device risks in hospital environments continue to leave hospitals and their patients vulnerable to cyber attacks and data security issues.Data shows that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability.