A majority of Windows devices (71%) within healthcare are running on software that is set to expire in 2020, leaving systems more vulnerable, according to a report published by Forescout.
The Forescout Device Cloud Report revealed today that a majority of networks still use unsupported Microsoft Windows operating systems, including Windows 7, Windows 2008 and Windows Mobile. Microsoft support is planned to expire in January 2020, and health systems that run on unsupported systems could expose their vulnerabilities and hurt regulatory compliance.
But updates to these systems are costly. Certain medical devices will not work on recent versions of Windows due to lack of support, compatibility and license schema issues.
The insights from the report represent 75 healthcare deployments with more than 10,000 virtual local area networks and 1.5 million devices within the Forescout Device Cloud.
Cybersecurity challenges have increased because of the diversity of device vendors and operating systems on medical networks.
Research revealed that 40% of healthcare deployments had more than 20 different operating systems. On medical virtual local area networks, 59% operate on Windows and 41% operate on a mix of mobile, embedded firmware and network infrastructure.
A majority of devices on virtual local area networks had high-risk services turned on, which allows uncontrolled access for cyberattackers to get beyond the perimeter and move laterally.
The research showed that 95% of devices running on Windows OS have Server Message Block protocol turned on. This transport protocol is used for file sharing, printer sharing and access to remote Windows services. Infamous ransomware attacks WannaCry and NotPetya exploited vulnerabilities in Server Message Block protocol.
Traditional computing devices (53%) are the most common devices on medical networks, followed by Internet of Things (IoT) devices. For operational technology (OT) devices, the three most common connected medical devices are patient tracking and identification systems (38%). Infusion pumps (32%) and patient monitors (12%) followed. All of these OT devices represent potential vulnerabilities on the attack surface of the medical network.
“The convergence of (information technology), IoT and OT makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks,” a Forescout press release noted.
The release noted that traditional information technology still represents the most vulnerable attack surface.
Forescout found that it is critical to have agentless detection of all IP-connected devices. It is also recommended to use rapid and granular auto-classification for extracting contextual insights from devices on the network.
Medical devices need to be continuously monitored to detect changes. Nonstop monitoring provides security teams with situational awareness to track information behavior.
Send this to a friend