Managing Legacy Medical, OT, IoT Device Risk in Healthcare

Endpoint Security , Governance & Risk Management , Internet of Things Security

While patient safety risks posed by unpatched security vulnerabilities in legacy medical devices often grab headlines, healthcare entities must not underestimate the serious business risks involving other poorly secured IoT and OT gear used in their environments, said Mohammad Waqas of security firm Armis.

Risks range from patient data privacy breaches to attackers hijacking an entire hospital network, he said, citing a recent Armis research study (see: Most Common Connected Devices That Pose Risks to Hospitals).

"If one device on the network is compromised … and an attacker takes control of that, they can very easily pivot over and take control of medical devices, IP cameras, nurse call systems and facility systems," he said. "That's why we're seeing a lot of focus on healthcare organizations now trying to go under a segmentation project, trying to break up their networks and secure them into smaller chunks."

In this interview with Information Security Media Group (see audio link below photo), Waqas also discussed:

As principal solutions architect for healthcare at Armis, Waqas helps healthcare organizations globally secure unmanaged, IoT and medical devices. He has over a decade of experience in the healthcare cybersecurity industry.