Researchers at TrapX Labs reported that the Conficker worm has reappeared, targeting IoT medical devices at hospitals, such as MRI machines, CT scanners and dialysis pumps, in order to steal patient records. These devices are usually running older versions of Windows and are not secured in the same way as the hospital's client PCs and servers. How does the new version of Conficker work, and how can these IoT medical devices be protected?
Hospitals, like many enterprises, have very diverse networks and IT environments, not to mention patients connecting their own devices to the networks. Some Internet of Medical Things (IoMT) devices might have longer-than-average lifecycles and may have been connected to private biomedical networks in the past, and sufficient attention may not have been paid to the IT aspects of the devices. Patient safety must take top priority, and clinical workflows may make updating the IT aspects of the devices more complicated.
The TrapX Research Labs report on the security of IoMT devices details how the researchers found an updated version of the Conficker worm with lateral movement capabilities, as well as other older malware, infecting IoMT devices, which are possibly being targeted due to their security weaknesses. Conficker scans the network looking for Windows XP systems that are missing the MS08-067 update or that have admin accounts with weak passwords. One of the highest-risk aspects of IoT/IoMT devices is weak default passwords being guessed and abused by malware. Once a system is compromised, the malware is copied to it and starts scanning for other vulnerable systems.
Protecting IoMT devices requires coordination across multiple stakeholders. There are many technical steps required, like network segmentation, firewalling and updating the software. Often, IoMT devices are supported by the same people who support other non-IoT medical devices, and those staff may not have the IT security skills to secure the devices. It is critical that these groups work together so that IoT medical devices do not just get connected to the standard network. TrapX Research Labs recommends isolating IoMT devices on the network and developing a comprehensive strategy for securing the devices by including them in the enterprise's security program. Part of this program should be a critical evaluation of the devices and the security programs of their manufacturers. Without such evaluations and risk assessments, healthcare organizations will be completely unprepared for cyberattacks targeting IoMT devices.
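
A defender-side check for the scanning behaviour described above, added here as an example and not taken from TrapX or the original article: it flags devices in an IoMT segment that open SMB sessions (TCP 139/445, the ports through which the Windows Server service patched by MS08-067 is reached) to many distinct hosts in a short window. The subnet, threshold, window and flow-record format are assumptions, and the sample records are constructed.

```python
from ipaddress import ip_address, ip_network
from collections import defaultdict

IOMT_SEGMENT = ip_network("10.20.30.0/24")  # assumed IoMT subnet (site-specific)
SMB_PORTS = {139, 445}                      # ports that reach the Windows Server service
THRESHOLD, WINDOW = 4, 60                   # assumed: distinct SMB peers per WINDOW seconds

# Constructed sample records: "epoch_seconds src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1700000000 10.20.30.15 10.20.30.16 445 tcp
1700000003 10.20.30.15 10.20.30.17 445 tcp
1700000006 10.20.30.15 10.20.31.4 139 tcp
1700000009 10.20.30.15 10.20.31.5 445 tcp
1700000010 10.20.30.22 10.20.40.10 445 tcp
1700000000 10.20.30.40 10.20.30.41 445 tcp
1700000300 10.20.30.40 10.20.30.42 445 tcp
1700000600 10.20.30.40 10.20.30.43 445 tcp
1700000900 10.20.30.40 10.20.30.44 445 tcp
1700000005 10.1.1.5 10.1.1.6 445 tcp
truncated-record 10.20.30.15
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) for well-formed TCP records; skip anything else."""
    for line in text.splitlines():
        p = line.split()
        try:
            if len(p) == 5 and p[4].lower() == "tcp":
                yield int(p[0]), ip_address(p[1]), ip_address(p[2]), int(p[3])
        except ValueError:
            continue  # malformed address or number

def find_smb_fanout(text, segment=IOMT_SEGMENT, threshold=THRESHOLD, window=WINDOW):
    """Map each IoMT source to its peak distinct-SMB-peer count, if >= threshold."""
    events = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if src in segment and port in SMB_PORTS:
            events[src].append((ts, dst))
    alerts = {}
    for src, seen in events.items():
        seen.sort(key=lambda e: e[0])
        start = peak = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window forward
            peak = max(peak, len({dst for _, dst in seen[start:end + 1]}))
        if peak >= threshold:
            alerts[str(src)] = peak
    return alerts
```

On the sample data only 10.20.30.15 is reported: the device that talks to a single file server and the one whose four SMB peers are spread over fifteen minutes stay below the threshold, and the host outside the IoMT segment is ignored.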