
Most At-Risk Medical Devices: PACS, HL7 Gateway, Radiotherapy Systems

Forescout finds 35 percent of healthcare workstations operate on unsupported versions of Windows, with PACS, HL7 Gateway and Radiotherapy Systems as some of the riskiest devices in the sector.


By Jessica Davis

More than 35 percent of the workstations used in healthcare are operating on unsupported versions of Windows, with Picture Archiving and Communication Systems (PACS) and HL7 gateway among the riskiest devices in the sector, according to a new Forescout Research Labs report.

The report comes on the heels of several Department of Homeland Security alerts regarding Ripple20 vulnerabilities in millions of medical devices, as well as critical flaws found in six medical device platforms.

For its Enterprise of Things Security Report, researchers assessed the risk posture of over 8 million devices across five sectors (healthcare, government, manufacturing, financial services, and retail), using defined metrics and data from Forescout’s Device Cloud, one of the largest repositories of connected enterprise device data.

Forescout found that across all sectors, medical devices, networking equipment, and VoIP phones are the riskiest device groups. Overall, the device types posing the highest level of risk are those within physical access control systems, due to the presence of many critical open ports, connectivity with risky devices, and known vulnerabilities.

More specifically, close to 20 percent of healthcare organizations have the default SMB port 445 open, and 12 percent operate with the default Remote Desktop Protocol (RDP) port 3389 open.

“These services leave devices open to attacks from automated threats (such as botnets and ransomware) and Advanced Persistent Threats (APTs),” researchers wrote. “These devices – especially medical devices – have enormous potential impact if compromised, and frequently have critical open ports that expose dangerous services on the network.”

“Connected medical devices are obviously risky because of their potential impact, both in terms of business continuity and, much more importantly, their potential to harm patients,” they added. 

Forescout also ranked the riskiest devices being used across all sectors.

In healthcare, the number one riskiest device is the pneumatic tube system, followed by uninterruptible power supply, HL7 Gateway, PACS Archive, radiotherapy system, sterilization, physical access control, radiology workstation, HVAC, and programmable logic controller.

Pneumatic tube systems are widespread in healthcare, used to carry thousands of sensitive lab samples and prescriptions throughout the network.

Forescout stressed that the actual ranking of the device is less important than the overall digitization in the health sector, where an increasing number of medical devices are connected to the IT network, generating and exchanging patient data with devices, such as the EHR.

Notably, radiotherapy systems are among the top five riskiest devices across all sectors, not because of any known vulnerabilities but because of their configuration. These devices are configured with many critical ports open, such as Telnet, and are connected to other risky medical devices. A successful exploit would have an “inherently high” impact.

Radiology workstations are also ranked seventh across devices from all sectors, given they’re commonly connected to many peripheral systems in healthcare delivery operations, including PACS, EHRs, and others.

“As in the case of radiotherapy systems, there are no reported vulnerabilities [in radiology workstations],” researchers wrote. “However, these devices were found configured with many critical ports open and connectivity to risky devices.”

“The exploitation impact is also very high, since it is a workstation where common attacker tools can be easily adapted to achieve persistence or to pivot within a healthcare network,” they added.

PACS are ranked the eighth riskiest devices across all sectors, given their place in the network and their use context. Greenbone Networks research has consistently shown that millions of medical images and other patient data have been exposed through leaky PACS.

“Alongside this reliance on new technologies and increased connectivity, we are witnessing an increase in the number and sophistication of vulnerabilities in medical devices and cyberattacks on hospitals, although these rarely target medical devices directly,” researchers explained.

“Targeted attacks against life-supporting and life-saving devices could have devastating consequences for patients and healthcare organizations alike,” they added. “The rise of Shodan and other specialized tools for finding exposed OT and IoT devices and potential exploits can aid attackers in launching such attacks. All of this makes it essential to be prepared for attacks that exploit the complexity of healthcare ecosystems.”