Medical Devices Intro Major Bluekeep Risk to Hospitals

Medical Devices Intro Major Bluekeep Risk to Hospitals

Medical devices represent a major risk to healthcare organizations (HCOs), and are twice as likely as standard network devices to be vulnerable to Bluekeep, according to CyberMDX.



The security vendor’s 2020 Healthcare Security Vision Report claimed that a third (30%) of US HCOs have experienced a cyber-attack in the past 12 months.



Connected devices are an increasing source of risk, as many are left unpatched and unmanaged, the report claimed. For example, 55% of imaging devices run unpatched or outdated Windows versions which could leave them vulnerable to Bluekeep.



This is an RCE flaw in Windows Remote Desktop Services (RDS) which could enable an attacker to take complete control of a machine to spread malware or launch info-stealing attacks. It affects Windows XP to Windows 7 and Server 2003 to Server 2008 R2 computers, and could spread without user interaction in a way similar to the EternalBlue exploit that enabled WannaCry to do so much damage to the NHS.



CyberMDX uncovered a range of security issues among HCOs, claiming that 11% don’t patch devices at all, and that a typical hospital will have patched only 40% or fewer vulnerable devices four months after a bug disclosure.



There’s more: a quarter (25%) don’t possess a full inventory of connected devices, while a further 13% admit theirs is unreliable. A third (34%) say they don ..

Support the originator by clicking the read the rest link below.