The more information about healthcare overview was based on a review of more than 100 cybersecurity studies on medical devices dating back to 1998. Devices tested included pacemakers, insulin pumps, surgical robots, imaging equipment and hospital information systems. The results showed that 53% had at least one "critical" vulnerability - defined asa flaw that makes a device susceptible to remote code execution, loss of confidentiality, integrity or availability.
"There is an alarming number of cyber vulnerabilities in devices used in healthcare," wrote van Miltenburg and his co-authors. "Vendors of critical medical devices need to increase the priority given to cybersecurity."
Critical flaws include those that could give unauthorized users access to protected data or allow attackers to remotely control a device's software. In one study from 2011, researchers found they could get full system access - including the ability to reprogram implanted pacemaker controllers - by exploiting weaknesses in the programming tools that manufacturers used during production. Another recent analysis of home monitoring devices for older adults with chronic conditions found that more than half were vulnerable because theirmanufacturer had not applied standard security patches.
On average, devices manufactured before 2012 were found to have around five vulnerabilities each. Since then, there's been little improvement - devices from 2013 had an average of 4.6 CVEs (Common Vulnerabilities and Exposures), while those produced between 2014 and 2017 contained an average of 3.1 CVEs each.