Almost half of connected medical devices are vulnerable to hackers

beSpacific 2020-02-18

ZDNet – A new report suggests that vulnerabilities in medical devices could put hospital patients at risk from hackers – but there are some simple ways to protect against these attacks: “Connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks, putting patients and staff at additional risk from cyber attacks. This is especially concerning when healthcare is already such a popular target for hacking campaigns. BlueKeep is a vulnerability in Microsoft’s Remote Desktop Protocol (RDP) service which was discovered last year, and impacts Windows 7, Windows Server 2008 R2 and Windows Server 2008. Microsoft issued a patch for BlueKeep after it came to light in May 2019, and security authorities including the US National Security Agency (NSA) and the UK’s National Cyber Security Centre (NCSC) issued urgent warnings about patching vulnerable systems. It was feared that BlueKeep could be deployed as a worm in a similar fashion to EternalBlue — the exploit that powered WannaCry. This cyber attack affected organisations around the world, but one of the most high-profile victims was the UK’s National Health Service, which saw a number of hospital networks taken offline by the incident. However, despite warnings over a potential repeat, large numbers of standard Windows systems – and bespoke medical devices running Windows — remain vulnerable to BlueKeep attacks…”