Report: hospitals are flooded with vulnerable IoT devices

The researchers found exposed medical images, protocols, databases, industrial controllers and healthcare systems software.

Increasingly well-connected hospitals and doctors’ offices bring vast security challenges. A new report released Thursday shows that providers are struggling to keep up against hackers, according to cybersecurity company Trend Micro.

“As hospitals and other healthcare facilities adopt new technology, add new devices, and embrace new partnerships, patients get better and more efficient services — but the digital attack surface expands as well,” the report states.

The report, titled “Challenges in Securing Connected Hospitals,” presents Trend Micro’s findings on how exposed internet-connected tools used by most health care organizations can be easily leveraged by hackers for remote attacks.

The research shows that a “surprisingly high number” of internet-connected medical systems can be found through Shodan, a popular Internet of Things scanning tool. Researchers were able to discover numerous exposed medical protocols, databases, industrial controllers and other health care systems.


“While a device or system being exposed does not necessarily mean that it is vulnerable, exposed devices can potentially be leveraged by cybercriminals and other threat actors to penetrate into organizations, steal data, run botnets, install ransomware, etc.,” the report explains. “A massive amount of sensitive information is publicly available when it shouldn’t be.”

Different types of medical imaging devices are commonly made interoperable using a standard known as Digital Imaging and Communications in Medicine (DICOM). In conducting the searches, Trend Micro found numerous DICOM ports openly visible on the web, making them juicy targets.

“These DICOM servers should not be exposed online,” the report notes. “Exposed medical systems potentially jeopardize critical data such as patients’ [personally identifying information] and medical records. Perpetrators can also disrupt hospital and clinic operations by corrupting the data, issuing incorrect device commands, or infecting the systems with ransomware, among others.”

Geographically, the U.S. topped the list of countries with the most exposed systems or devices (428) discovered by Trend Micro; however, the true number is likely much higher.

Trend Micro reportedly found 21 universities among the owners of exposed systems. Large universities are sometimes home to renowned medical facilities.


Experts say it’s not uncommon for hospitals and clinics to have exposed systems, either because of poorly configured networks or because some medical machines come with remote access functionality already installed by default.

The report concludes by stressing that U.S.-based hospitals should follow existing cybersecurity guidelines provided by the National Institute of Standards and Technology (NIST) and the Food and Drug Administration (FDA) about supply chain risks.

“Supply chain threats are potential risks associated with suppliers of goods and services to healthcare organizations where a perpetrator can exfiltrate confidential/sensitive information, introduce an unwanted function or design, disrupt daily operations, manipulate data, install malicious software, introduce counterfeit devices, and affect business continuity,” the report reads. “The healthcare industry is more dependent than ever on cloud-based systems, third-party service providers, and vendors in the supply chain.”
