In today’s highly connected healthcare environment, the integration of Internet of Medical Things (IoMT) and Operational Technology (OT) devices has revolutionized patient care and hospital operations. However, this digital transformation has ushered in significant security concerns. Vulnerabilities within these devices expose healthcare organizations to risks like ransomware, data breaches, and operational disruptions. Claroty’s recent analysis of IoMT and OT device vulnerabilities in healthcare networks presents a stark reminder of the potential threats and the need for a robust cybersecurity framework.
1. Scoping the Issue
Based on Claroty’s analysis, 99% of healthcare organizations have confirmed known exploited vulnerabilities (KEVs) within their IoMT and OT devices. The study analyzed over 2.25 million IoMT devices and more than 647,000 OT devices across 351 healthcare organizations. This extensive dataset revealed that 20% of hospital information systems managing clinical, administrative, and financial data are insecurely connected to the internet and contain KEVs linked to ransomware. These findings highlight the critical need for healthcare organizations to scope and account for essential processes by device type and department, ensuring all potential risks are identified and addressed proactively.
“Insecure connectivity in healthcare networks is a ticking time bomb,” states Ty Greenhalgh, industry principal for healthcare at Claroty. “With digital transformation driving more IoMT device connections, we must prioritize identifying at-risk assets and addressing KEVs to protect patient safety and maintain operational continuity.” Healthcare leaders must adopt a comprehensive approach to account for the cyber-physical systems, ensuring all assets are inventoried, monitored, and managed effectively.
2. Discovery of Vulnerable Devices
Healthcare organizations operate medical systems susceptible to publicly available exploits, with 89% operating such systems insecurely connected to the internet. These medical systems, often targeted by ransomware groups, are particularly vulnerable due to outdated legacy technology and lack of vendor support for operating systems. The discovery phase involves identifying these vulnerable devices along with their detailed attributes and communication patterns, which are crucial for developing a robust cybersecurity strategy.
Building management systems (BMS), used to monitor and control essential hospital functions such as heating, cooling, elevators, and fire safety, are a significant part of the OT infrastructure. Given that critical role, a compromised BMS could jeopardize patient care by disrupting the environment necessary for storing medications or transporting patients. Claroty’s data revealed that 78% of organizations have OT devices with KEVs, highlighting the need for healthcare facilities to identify and prioritize these devices for remediation.
3. Prioritization of Vulnerabilities
Given the vast number of vulnerabilities present in healthcare networks, prioritization is key. For instance, imaging devices like X-rays, CT scans, and MRIs, which are interconnected and susceptible to exploitation, pose a substantial risk to patient care. Claroty’s data indicated that 8% of these imaging systems carry KEVs linked to ransomware, with 85% of healthcare organizations affected. The failure of imaging systems can critically impair triage efforts and delay necessary treatments, ultimately putting lives at risk.
A structured cybersecurity framework that considers the business impact and exploitability of vulnerabilities is essential. This approach allows healthcare security leaders to focus on the most critical vulnerabilities that pose the highest risk to patient safety and operational continuity. By aligning remediation efforts with guidelines, such as the Department of Health and Human Services’ Cyber Performance Goals, organizations can ensure a comprehensive defense against evolving cyber threats.
4. Validation of Exposures
The validation step is crucial to ensuring that all identified vulnerabilities are genuine and externally accessible. This process involves verifying that the detected vulnerabilities are not false positives and confirming their potential impact on the healthcare network. Validation provides a clear understanding of the actual risk posed by each vulnerability, allowing for more effective prioritization and remediation efforts.
For example, Claroty’s analysis highlights the risks associated with direct internet connectivity of IoMT and OT devices. Devices connected via open ports or non-enterprise-grade remote access solutions represent a significant exposure. Imaging devices, in particular, were identified as highly at risk, with over 195,000 devices containing KEVs. Validating these exposures helps healthcare organizations to accurately assess their vulnerability landscape and focus their security resources on the most pressing threats.
5. Mobilization and Mitigation
Once vulnerabilities have been identified, prioritized, and validated, the final step is mobilization. This involves reducing risk and securing operations through actionable mitigations and remedies. Healthcare organizations must adopt an exposure management approach that includes compensating controls, especially for vulnerable medical devices requiring FDA approval for updates.
Claroty proposes a five-step action plan tailored to healthcare environments. This strategic framework extends beyond traditional vulnerability management, offering cybersecurity decision-makers a comprehensive assessment of the hospital’s security posture and a targeted remediation plan. The plan includes scoping critical processes by device type and department, discovering devices and their attributes, prioritizing based on business impact and exploitability, validating exposures, and mobilizing actionable solutions.
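The five steps above can be expressed as a small prioritization routine. The example below is added here and is not Claroty's tooling or any part of the report; the asset inventory, the KEV entries (shaped like the `cveID` and `knownRansomwareCampaignUse` fields of CISA's KEV feed), the device-class impact weights and the scoring thresholds are all constructed assumptions that an organization would replace with its own inventory, the live KEV catalogue and its own impact model. It scopes the inventory by device class and department, discovers which devices carry a KEV, prioritizes by a product of business impact and exploitability plus internet exposure, and flags the KEV-bearing, internet-reachable devices whose exposure should be validated before remediation resources are committed.

```python
"""Exposure-management triage for IoMT/OT inventory (added example, constructed data)."""
from dataclasses import dataclass

# Constructed sample entries mirroring two fields of CISA's KEV JSON feed.
# CVE ids are placeholders, not real identifiers.
KEV_FEED = {
    "vulnerabilities": [
        {"cveID": "CVE-EXAMPLE-0001", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-EXAMPLE-0002", "knownRansomwareCampaignUse": "Unknown"},
    ]
}

# Assumed business-impact weights per device class (scoping step); tune per organization.
IMPACT_WEIGHT = {"imaging": 5, "his": 5, "infusion_pump": 5, "bms": 4, "badge_printer": 1}


@dataclass(frozen=True)
class Device:
    asset_id: str
    device_class: str
    department: str
    cves: tuple            # CVE ids reported for the device (discovery step)
    internet_exposed: bool  # reachable from the internet via an open port
    remote_access: str      # "none", "enterprise" or "non_enterprise"


def load_kev(feed):
    """Map CVE id -> True if the KEV entry has known ransomware use, False if KEV only."""
    return {v["cveID"]: v.get("knownRansomwareCampaignUse") == "Known"
            for v in feed["vulnerabilities"]}


def exploitability(device, kev):
    """0 = no KEV on the device; 3 = KEV present; 5 = KEV with known ransomware use."""
    best = 0
    for cve in device.cves:
        if cve in kev:
            best = max(best, 5 if kev[cve] else 3)
    return best


def exposure(device):
    """Internet reachability and non-enterprise remote access add exposure points."""
    points = 3 if device.internet_exposed else 0
    if device.remote_access == "non_enterprise":
        points += 2
    return points


def risk_score(device, kev):
    """Business impact multiplied by (exploitability + exposure)."""
    return IMPACT_WEIGHT.get(device.device_class, 1) * (exploitability(device, kev) + exposure(device))


def prioritize(devices, kev):
    """Return (device, score, needs_validation) sorted by descending score.

    needs_validation marks devices that both carry a KEV and appear internet-reachable;
    those findings should be confirmed (validation step) before mobilizing remediation.
    """
    ranked = []
    for d in devices:
        s = risk_score(d, kev)
        if s == 0:
            continue  # no KEV and no exposure: out of scope for this pass
        ranked.append((d, s, exploitability(d, kev) > 0 and exposure(d) > 0))
    ranked.sort(key=lambda t: (-t[1], t[0].asset_id))
    return ranked


def share_with_kev(devices, kev, device_class=None):
    """Fraction of devices (optionally of one class) that carry at least one KEV."""
    pool = [d for d in devices if device_class is None or d.device_class == device_class]
    if not pool:
        return 0.0
    return sum(1 for d in pool if exploitability(d, kev) > 0) / len(pool)


# Constructed inventory: a handful of assets across departments.
DEVICES = [
    Device("ct-01", "imaging", "Radiology", ("CVE-EXAMPLE-0001",), True, "non_enterprise"),
    Device("mri-02", "imaging", "Radiology", ("CVE-EXAMPLE-0002",), False, "enterprise"),
    Device("bms-01", "bms", "Facilities", ("CVE-EXAMPLE-0002",), True, "none"),
    Device("his-01", "his", "Administration", ("CVE-EXAMPLE-0001",), True, "enterprise"),
    Device("printer-07", "badge_printer", "Security", ("CVE-EXAMPLE-0003",), True, "none"),
    Device("pump-11", "infusion_pump", "ICU", (), False, "none"),
]
KEV = load_kev(KEV_FEED)

if __name__ == "__main__":
    for device, score, validate in prioritize(DEVICES, KEV):
        flag = "VALIDATE EXPOSURE" if validate else ""
        print(f"{score:3d}  {device.asset_id:12s} {device.department:15s} {flag}")
    print(f"imaging devices with a KEV: {share_with_kev(DEVICES, KEV, 'imaging'):.0%}")
```

With the constructed inventory the internet-exposed CT scanner with a ransomware-linked KEV ranks first, the insecurely connected hospital information system second, and the building management system third; the badge printer's non-KEV CVE leaves it near the bottom despite its open port, which is the point of weighting exploitability and impact rather than counting CVEs.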
Securing the Future of Healthcare
In today’s interconnected healthcare landscape, the advent of Internet of Medical Things (IoMT) and Operational Technology (OT) devices has fundamentally transformed patient care and hospital operations. These cutting-edge technologies improve efficiency and outcomes, making it easier to monitor patient conditions and streamline hospital workflows. However, this digital integration comes with its own set of significant security challenges.
Vulnerabilities within IoMT and OT devices can expose healthcare organizations to a host of cyber threats, including ransomware attacks, data breaches, and operational disruptions. A recent analysis by Claroty highlights the susceptibility of these devices to such threats, underscoring the urgent need for a robust cybersecurity framework in healthcare environments.
As these technologies become more ingrained in everyday medical practices, healthcare providers must prioritize the security and integrity of IoMT and OT devices. This means investing in advanced cybersecurity measures, continuous monitoring, and regular updates to protect sensitive patient information and ensure the uninterrupted functioning of critical medical devices. The Claroty analysis serves as a stark reminder of the potential dangers and the pressing necessity for vigilant cybersecurity defenses to safeguard against emerging threats in the healthcare sector.