Luis Louro - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How can IoMT devices be protected from the Conficker worm?

IoT medical devices are being targeted by the Conficker worm and other older malware in order to steal patient data. Expert Nick Lewis explains how to protect these IoMT devices.

Researchers at TrapX Labs reported that the Conficker worm has reappeared, targeting IoT medical devices at hospitals like MRI machines, CT scanners and dialysis pumps in order to steal patient records. These devices are usually running older versions of Windows and are not secured in the same way as the hospital's client PCs and servers. How does the new version of Conficker work and how can these IoT medical devices be protected?

Hospitals, like many enterprises, have very diverse networks and IT environments, not to mention patients connecting their own devices to the networks. Some of the Internet of Medical Things (IoMT) devices might have longer than average lifecycles, may have been connected to private biomedical networks in the past and sufficient attention may have not been paid to the IT aspects of the devices. Patient safety must take top priority and clinical workflows may make updating the IT aspects of the devices more complicated. The TrapX Research Labs report on the security of IoMT devices details how the researchers found an updated version of the Conficker worm that has lateral movement capabilities as well as other older malware infecting IoMT devices, which are possibly being targeted due to their security weaknesses. Conficker scans the network looking for Windows XP systems missing MS08-067 or that have admin accounts with weak passwords. One of the highest risk aspects of IoT/IoMT devices is weak default passwords being guessed and abused by malware. Once the system is compromised, the malware is copied to the system to start scanning for other vulnerable systems.

Protecting IoMT devices requires coordination across multiple stakeholders. There are many technical steps required, like network segmentation, firewalling and updating the software. Many times IoMT devices are supported by the same people that support other non-IoT medical devices, who may not have the IT security skills to secure the devices. It is critical that these groups work together so that IoT medical devices do not just get connected to the standard network. TrapX Research Labs recommends isolating IoMT devices on the network, and developing a comprehensive strategy for securing the devices by including them in the enterprise's security program. Part of this program should be a critical evaluation of the devices and the security programs of their manufacturers. Without such evaluations and risk assessments, healthcare organizations will be completely unprepared for cyberattacks targeting IoMT devices.

Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Next Steps

Read how IoMT boosts patient satisfaction

Learn how location-based tools can improve medical services

Find out what challenges IT professionals face with managing IoMT devices

This was last published in November 2016

Dig Deeper on Data loss prevention technology