Armis identifies nurse call systems as riskiest IoMT device

Cyber Security, News

  • 15 May 2023
Armis identifies nurse call systems as riskiest IoMT device
Cora Lydon
June 15, 2021

New research from Armis, an asset visibility and security company, has revealed that nurse call systems are the most at risk of malicious activity in clinical environments, followed by infusion pumps and medication dispensing systems.

According to a study last year from Juniper Research, smart hospitals are expected to deploy over seven million Internet of Medical Things (IoMT) devices, by 2026, doubling the amount available in 2021. While connected devices in a medical environment are improving patient care, the fact they are vulnerable to cyberattacks means there is the possibility that patient care could be interrupted.

Analysis of data from the Armis Asset Intelligence and Security Platform revealed:

  • Nurse call systems are the riskiest connected medical device, with 39% having critical severity unpatched Common Vulnerabilities and Exposures (CVEs), and 48% having unpatched CVEs.
  • 27% of infusion pumps have critical severity CVEs, and 30% have unpatched CVEs.
  • Although medication dispensing systems have critical severity unpatched CVEs in just 4% of devices, 86% have unpatched CVEs. In addition, 32% of them are running on unsupported OS versions.
  • 19% of connected medical devices are running unsupported OS versions.
  • 56% of IP cameras in clinical environments have critical severity unpatched CVEs, with 59% having unpatched CVEs.

Mohammad Waqas, principal solutions architect for healthcare at Armis, said: “These numbers are a strong indicator of the challenges faced by healthcare organisations globally.

“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface.

“Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualised monitoring is a key element to ensuring patient safety.”

A number of cyber attacks have in the past severely affected NHS services – including 2022’s Advanced attack and the infamous 2017 WannaCry attack. This month a new Advisory Council formed of world leaders in cybersecurity has been formed, to help share insights and drive innovation to tackle the security challenges the healthcare sector is facing.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Following Ferris: assessing the impact of Dr Tim Ferris on…

Next News

University Hospitals of Derby and Burton to trial smart wound…

Related News

Synnovis attack led to at least five cases of ‘moderate’ patient harm
News November 12, 2024

Synnovis attack led to at least five cases of ‘moderate’ patient harm

The Synnovis cyber attack led to at least 119 incidents of patient harm, including at least five cases of 'moderate harm', figures show.
How to equip NHS staff with cyber security skills they will use
Opinion October 30, 2024

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
How to find your inner ‘cyber defender’
Opinion October 16, 2024

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.