Armis identifies nurse call systems as riskiest IoMT device

  • 15 May 2023
Armis identifies nurse call systems as riskiest IoMT device

New research from Armis, an asset visibility and security company, has revealed that nurse call systems are the most at risk of malicious activity in clinical environments, followed by infusion pumps and medication dispensing systems.

According to a study last year from Juniper Research, smart hospitals are expected to deploy over seven million Internet of Medical Things (IoMT) devices, by 2026, doubling the amount available in 2021. While connected devices in a medical environment are improving patient care, the fact they are vulnerable to cyberattacks means there is the possibility that patient care could be interrupted.

Analysis of data from the Armis Asset Intelligence and Security Platform revealed:

  • Nurse call systems are the riskiest connected medical device, with 39% having critical severity unpatched Common Vulnerabilities and Exposures (CVEs), and 48% having unpatched CVEs.
  • 27% of infusion pumps have critical severity CVEs, and 30% have unpatched CVEs.
  • Although medication dispensing systems have critical severity unpatched CVEs in just 4% of devices, 86% have unpatched CVEs. In addition, 32% of them are running on unsupported OS versions.
  • 19% of connected medical devices are running unsupported OS versions.
  • 56% of IP cameras in clinical environments have critical severity unpatched CVEs, with 59% having unpatched CVEs.

Mohammad Waqas, principal solutions architect for healthcare at Armis, said: “These numbers are a strong indicator of the challenges faced by healthcare organisations globally.

“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface.

“Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualised monitoring is a key element to ensuring patient safety.”

A number of cyber attacks have in the past severely affected NHS services – including 2022’s Advanced attack and the infamous 2017 WannaCry attack. This month a new Advisory Council formed of world leaders in cybersecurity has been formed, to help share insights and drive innovation to tackle the security challenges the healthcare sector is facing.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Blood transfusion IT systems restored at Guy’s and St Thomas’

Blood transfusion IT systems restored at Guy’s and St Thomas’

Guy's and St Thomas' NHS Foundation Trust is able to issue all blood group products for transfusions, following the cyber attack on Synnovis.
Cyber Security Bill will prevent future attacks on NHS, says DSIT

Cyber Security Bill will prevent future attacks on NHS, says DSIT

A Bill intended to improve UK cyber defences will prevent attacks similar to the ransomware attack impacting London hospitals, said the DSIT.
‘Two-factor authentication may have stopped Synnovis cyber attack’

‘Two-factor authentication may have stopped Synnovis cyber attack’

Beverley Bryant said that two-factor authentication is the biggest deterrent to cyber attacks in the NHS and healthcare sector.