February 22 2020: It was recently reported that connected medical devices, or MIoT devices, are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks.
According to a new report from researchers at CyberMDX, 22% of all Windows devices in a typical hospital are exposed to BlueKeep. This is because they haven't received the relevant patches. However, when it comes to MIoT devices running on Windows, the figure rises to 45% – meaning almost half are vulnerable!
Tim Mackey, Principal Security Strategist at Synopsys Software Integrity Group, shares his thoughts on this.
By their very nature, hospital systems are open environments where patients are allowed privacy both prior to and following treatment, and where visitors often have largely open access to visit patients.
From a cybersecurity perspective, such access requires additional safeguards be put in place to limit any potential for unauthorised access to devices or data. Complicating matters, implementing authentication mechanisms common in commercial settings (like MFA) wouldn’t be advisable when seconds could impact a medical outcome.
Solving for this problem requires the medical community to recognise that cyber threats are as real a possibility as any transmissible medical condition and look at their cyber response plans in the same light as they would any medical protocol. This can and should include applying lessons from the zero trust world for mobile computing devices, whitelisting devices permitted on networks connected to patient record stores or treatment plans, and investing in auditable smart access technologies to ensure only approved clinicians and providers can access medical records.
These investments in process change will naturally lead to costs for any hospital system, but when you consider the value placed by hackers on medical records and the reality as reported in the 2019 IBM Cost of Data Breach Report that hospital systems took on average 326 days to identify and contain a breach – any investment is a move in the right direction.
---------------------------------------------------------------------------------------------------------------------------------------
BlueKeep is a vulnerability in Microsoft's Remote Desktop Protocol (RDP) service which was discovered last year, and impacts Windows 7, Windows Server 2008 R2 and Windows Server 2008.
Microsoft issued a patch for BlueKeep after it came to light in May 2019, and security authorities including the US National Security Agency (NSA) and the UK's National Cyber Security Centre (NCSC) issued urgent warnings about patching vulnerable systems.