Hospitals are increasingly vulnerable to cyberattacks due to compromised operational technology (OT) devices. These devices, which include infusion pumps, ventilators, and imaging systems, play a crucial role in patient care. Recent vulnerabilities discovered in devices from companies like Siemens and Advantech highlight the significant risks that healthcare facilities face when their technology is compromised.
Flaws in Siemens imaging and control systems could allow attackers to bypass authentication or cause equipment malfunctions. Similarly, Advantech devices have been found to contain remote code execution vulnerabilities, which researchers confirmed could be exploited. As a result, these vulnerabilities could lead to severe consequences, including disruptions to hospital operations and direct threats to patient safety.
Cyber Threats Impacting Patient Care
The healthcare sector has become a primary target for cybercriminals. According to the Picus Blue Report, even when healthcare organizations implement multiple layers of security, gaps in detection and prevention still exist. Specifically, monitoring of east-west traffic within hospital networks often fails to capture lateral movement, allowing attackers to move from compromised OT devices into sensitive systems like electronic health records.
Several factors contribute to the healthcare industry’s heightened vulnerability. Many OT devices operate on outdated software that cannot be patched without interrupting essential clinical services. This issue was notably apparent during the WannaCry attack that severely affected the NHS. Additionally, high-value equipment like MRI machines often remains in use for decades, far exceeding typical IT lifecycles. The flat network structures found in many hospitals also allow for easier exploitation, as clinical devices are often interconnected with corporate systems.
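The east-west monitoring gap and flat-network problem described above can be narrowed with a simple segment-aware review of flow records. The following is an added example, not from the article or the Picus report; the subnet plan, allowlist, port set and flow lines are all constructed assumptions.

```python
import ipaddress

# Constructed segment plan (assumption, not from the article).
SEGMENTS = {
    "ot": ipaddress.ip_network("10.20.0.0/16"),    # clinical devices
    "ehr": ipaddress.ip_network("10.30.0.0/24"),   # EHR servers
    "corp": ipaddress.ip_network("10.40.0.0/16"),  # corporate IT
}
# Flows an OT device is expected to make: (dst segment, proto, dst port).
ALLOWED_FROM_OT = {("ehr", "tcp", 2575)}  # assumed HL7 results feed
# Remote-admin and file-sharing ports that clinical devices rarely need.
ADMIN_PORTS = {22, 135, 445, 3389, 5985}

# Constructed flow records: "src dst proto dport".
SAMPLE_FLOWS = """\
10.20.4.17 10.30.0.5 tcp 2575
10.20.4.17 10.30.0.5 tcp 445
10.20.4.17 10.20.9.80 tcp 3389
10.40.1.22 10.30.0.5 tcp 443
10.20.7.3 10.40.2.9 tcp 22
10.20.7.3 10.20.7.1 udp 123
"""

def segment_of(addr):
    """Map an address to a named segment, or 'external' if none matches."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), "external")

def review_flows(text):
    """Return (src, dst, dport, reason) for OT-originated flows to triage."""
    findings = []
    for line in text.splitlines():
        try:
            src, dst, proto, dport = line.split()
            sseg, dseg, dport = segment_of(src), segment_of(dst), int(dport)
        except ValueError:
            continue  # malformed record: wrong field count, bad IP or port
        if sseg != "ot":
            continue
        if dseg == "ot":
            # Inside the OT segment, only admin protocols are flagged.
            if dport in ADMIN_PORTS:
                findings.append((src, dst, dport, "admin protocol between OT devices"))
        elif (dseg, proto, dport) not in ALLOWED_FROM_OT:
            findings.append((src, dst, dport, f"OT to {dseg} outside allowlist"))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

On the constructed sample, the expected HL7 feed and the NTP flow pass, while the SMB connection to the EHR server, the RDP session between two devices and the SSH connection into the corporate segment are reported for triage.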
The operational constraints in healthcare further complicate security efforts. Unlike other industries, taking a device offline for updates can have immediate effects on patient care, creating a “perfect storm” where the attack surface expands while traditional management approaches remain ineffective.
Reassessing Cybersecurity Strategies
Given these challenges, Chief Information Security Officers (CISOs) in healthcare must reevaluate their strategies for managing cyber risk. Traditional approaches that focus solely on patching vulnerabilities are insufficient. A shift towards modernizing cyber defenses is necessary, incorporating continuous validation and risk-based prioritization.
Healthcare organizations should continuously validate their security measures rather than relying on static vulnerability management strategies. The Picus Exposure Validation research indicates that less than 2% of vulnerabilities categorized as high or critical are actually exploitable in specific environments. By simulating real-world attacks across both OT and IT settings, hospitals can identify which vulnerabilities are genuinely exploitable in their environment and require immediate attention.
Moreover, hospitals should prioritize vulnerabilities based on their context and asset criticality. For instance, a flaw in an isolated laboratory device may not warrant the same urgency as a vulnerability in software that monitors patient health. When patching is not feasible, alternative mitigations such as updated intrusion prevention rules should be implemented to protect patients without exposing them to unnecessary risks.
To enhance resilience, continuous testing through breach and attack simulations can help identify blind spots that standard audits may miss. By mapping potential attack paths across OT and IT networks, hospitals can proactively remediate vulnerabilities before attackers exploit them.
Collaboration is also key. CISOs must work closely with clinical and operational leaders to promote basic security awareness and ensure that cybersecurity measures support, rather than hinder, patient care. Transparent reporting, including evidence-based exposure scores, can foster understanding and alignment on the importance of investing in effective cyber defense strategies.
As hospitals navigate these complex challenges, they must focus on reducing real risks while ensuring continuity of care. By embracing continuous validation, context-aware prioritization, and layered defenses, healthcare organizations can significantly lower their exposure to cyber threats and enhance patient safety.
Every moment matters in healthcare, particularly when patient lives are at stake. By modernizing vulnerability management and securing OT devices, hospitals can safeguard their systems and data, ultimately protecting the patients who depend on them.