KUALA LUMPUR, June 20 — A new report by Forescout Techonologies has found that the health care industry is the most vulnerable to future cyberattacks.
An analysis of 75 health care deployments, more than 10,000 virtual local area networks and 1.5 million devices, found that computing devices in health care were particularly at risk due to the increase in diversity and connectivity of devices used.
The challenge of ensuring that patches and updates for such devices were up to date was found to be formidable. Employees were found to be poorly educated regarding cybersecurity.
Aside from IoT (internet of things) devices such as notebooks, phones and tablets, medical systems were also affected. These involve patient tracking and ID systems, infusion pumps and patient monitors.
“Running unsupported operating systems poses a risk that may expose vulnerabilities and has the potential to impact regulatory compliance,” the report says. Many devices operate an older version of Windows or have legacy systems, which are either no longer supported, or on borrowed time.
The report also highlighted that health care institutions would often have a large number of vendors, providing them with different devices. This would complicate management of security integrity.
“Patching in health care environments, especially acute care facilities, can be challenging and require devices to remain online and available. Some healthcare devices cannot be patched, may require vendor approval or need manual implementation by remote maintenance personnel.”