Armis identifies nurse call systems as riskiest IoMT device

  • 15 May 2023
Armis identifies nurse call systems as riskiest IoMT device

New research from Armis, an asset visibility and security company, has revealed that nurse call systems are the most at risk of malicious activity in clinical environments, followed by infusion pumps and medication dispensing systems.

According to a study last year from Juniper Research, smart hospitals are expected to deploy over seven million Internet of Medical Things (IoMT) devices, by 2026, doubling the amount available in 2021. While connected devices in a medical environment are improving patient care, the fact they are vulnerable to cyberattacks means there is the possibility that patient care could be interrupted.

Analysis of data from the Armis Asset Intelligence and Security Platform revealed:

  • Nurse call systems are the riskiest connected medical device, with 39% having critical severity unpatched Common Vulnerabilities and Exposures (CVEs), and 48% having unpatched CVEs.
  • 27% of infusion pumps have critical severity CVEs, and 30% have unpatched CVEs.
  • Although medication dispensing systems have critical severity unpatched CVEs in just 4% of devices, 86% have unpatched CVEs. In addition, 32% of them are running on unsupported OS versions.
  • 19% of connected medical devices are running unsupported OS versions.
  • 56% of IP cameras in clinical environments have critical severity unpatched CVEs, with 59% having unpatched CVEs.

Mohammad Waqas, principal solutions architect for healthcare at Armis, said: “These numbers are a strong indicator of the challenges faced by healthcare organisations globally.

“Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface.

“Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualised monitoring is a key element to ensuring patient safety.”

A number of cyber attacks have in the past severely affected NHS services – including 2022’s Advanced attack and the infamous 2017 WannaCry attack. This month a new Advisory Council formed of world leaders in cybersecurity has been formed, to help share insights and drive innovation to tackle the security challenges the healthcare sector is facing.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Over 6,000 operations and appointments delayed by London cyber attack

Over 6,000 operations and appointments delayed by London cyber attack

More than 6,000 operations and appointments have been postponed at London hospitals affected by the Synnovis cyber attack, NHS England has confirmed.
Harnessing AI and cybersecurity to transform healthcare in the UK

Harnessing AI and cybersecurity to transform healthcare in the UK

The UK healthcare sector is in a transformative era, driven by advancements in artificial intelligence (AI). AI has the potential to revolutionise healthcare by improving…
Junior doctors break strike to assist at sites hit by cyber attack

Junior doctors break strike to assist at sites hit by cyber attack

Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts continue to experience major disruption following the cyber attack on Synnovis.