Connected Medical Device Security – Forescout report


Increasingly, hospitals, GPs, aged care providers and other healthcare delivery organisations (HDOs) have complex network infrastructure with a growing volume of operational technology (OT), Internet of Things (IoT) and Internet of Medical Things (IoMT) devices alongside traditional IT, which is widening the attack surface in these organisations.

There has also been an increase in the number and sophistication of cyberattacks targeting HDOs, as the ability to compromise devices and networks and obtain financial gain from patient data has gained traction.

In Australia, according to the latest Office of the Australian Information Commissioner (OAIC) notifiable data breach report, the health sector is again the highest reporting sector, notifying 22 per cent of all breaches for the January-June 2020 period.¹

To provide insight into the security posture of HDOs, Forescout Research Labs has released a new report: Connected Medical Device Security: A Deep Dive into Healthcare Networks.

Rohan Langdon, regional director – Australia and New Zealand, said, “The report has revealed that many HDOs have poorly segmented networks with a mix of personal and sensitive healthcare devices, including devices with default passwords, which is increasing their risk of cyberattack.”

The key findings of the new report include:

  1. Most healthcare networks have upgraded to Windows 10 over the past year and embraced segmentation, with the number of virtual local area networks (VLANs) increasing compared to 2019.
  2. There are still many examples of network segmentation issues found on the Forescout Device Cloud, including a mix of personal and medical devices in healthcare segments.
  3. The analysed HDOs heavily used insecure protocols for both medical and non-medical network communications.
  4. Easy-to-accomplish attacks were targeting point-of-care testing devices and patient monitors, some of the most commonly used IoMT devices in an HDO.

Rohan Langdon said, “Overall, the report highlighted that there are still several cybersecurity gaps and risks that need to be addressed. HDOs will have to contend with medical devices running legacy operating systems for the foreseeable future, making it imperative to identify and mitigate this risk.

“Segmentation is a foundational control for risk mitigation in networks with a diversity of IT, IoT and OT devices. However, segmentation requires well-defined trust zones based on device identity, risk profiles and compliance requirements for it to be effective in reducing the attack surface and minimising blast radius.”