Home > News > Top Stories > Armis Identifies the Riskiest Medical and IoT Devices in Clinical Environments

Devices, Industrial IoT

Armis Identifies the Riskiest Medical and IoT Devices in Clinical Environments

Armis Identifies the Riskiest

Armis, the leading asset visibility and security company, today released new research identifying the top connected medical and IoT devices that are exposed to malicious activity in clinical environments. Data analyzed from the Armis Asset Intelligence and Security Platform, which tracks over three billion assets, found nurse call systems to be the riskiest* IoMT device, followed by infusion pumps and medication dispensing systems. When looking at IoT devices, IP cameras, printers and Voice Over Internet Protocol (VoIP) devices are topping the list.

By 2026, smart hospitals are expected to deploy over 7 million IoMT devices, doubling the amount from 2021. Medical and non-medical devices are increasingly connected, automatically feeding patient data from monitoring devices into electronic records. These connections and communications within a medical environment help improve patient care but also make it increasingly vulnerable to cyberattacks, which could result in the interruption of patient care.

Upon a comprehensive analysis of the data from all connected medical and IoT devices on the Armis Asset Intelligence and Security Platform, several noteworthy conclusions can be drawn

  • Nurse call systems are the riskiest connected medical device, with 39% of them having critical severity unpatched Common Vulnerabilities and Exposures (CVEs) and almost half (48%) having unpatched CVEs.
  • Infusion pumps are second, with 27% having critical severity unpatched CVEs and 30% having unpatched CVEs.
  • Medication dispensing systems are in third place, with 4% having critical severity unpatched CVEs, but 86% having unpatched CVEs. Moreover, 32% run on unsupported Windows versions.
  • Almost 1 in 5 (19%) connected medical devices are running unsupported OS versions.
  • More than half of IP cameras we monitored in clinical environments have critical severity unpatched CVEs (56%) and unpatched CVEs (59%), making it the riskiest IoT device.
  • Printers are the second riskiest IoT device in clinical environments, with 37% having unpatched CVEs, and 30% having critical severity unpatched CVEs.
  • VoIP devices are in third place. Although 53% of them have unpatched CVEs, only 2% have critical severityunpatched CVEs.

“These numbers are a strong indicator of the challenges faced by healthcare organizations globally. Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” said Mohammad Waqas, Principal Solutions Architect for Healthcare at Armis. “Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualized monitoring is a key element to ensuring patient safety.”

Armis secures all medical assets and patient care environments in some of the largest healthcare delivery organizations around the world:

“Armis appeared to be a good alternative for us because it immediately provided us with visibility into what devices were plugging into the network. It shows us how they are interacting with each other, creates alerts based on observed behavior and enforces firewall rules based on those alerts,” said Brian Schultz, Director of Network Operations and Security, Burke Rehabilitation Hospital.

“Metrics and accountability are key to understanding how to protect the hospital’s network, and Armis has a major role in making the relevant data available to us in an easy-to-access manner. It has definitely filled in the gaps in our security arsenal by uncovering risks we never knew about previously. At first, I thought Armis was a nice-to-have, but now it’s become an integral part of our cyber defense,” said Dr. Michael Connolly, Chief Information Officer (CIO), Mater Misericordiae University Hospital.

KLAS Research recently named Armis a top performer at the 2023 Best in KLAS Software & Services Report for Healthcare IoT Security. To learn more about how Armis enables healthcare organizations to identify and secure IoMT, IoT, OT and IT assets

Armis is attending HIMSS April 17-21, 2023 in Chicago, IL with a speaking session taking place on Wednesday, April 19, 2023 from 3:45pm - 4:05pm CT titled: Hackers Rush in Where Agents Fear to Tread. To meet with Armis at HIMSS, please visit booth 2276 or Kiosk 4309-48 in the Cyber Command Center.

About Armis

Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.

Spotlight

More featured news

Spotlight

Related News

Industrial IoT

Tuya Smart Delivers IoT Best Practice Using Amazon Aurora, Leads the Direction of Cloud Database Innovation Use Cases with Amazon Web Services

Tuya Smart | January 24, 2024

Tuya Smart, the global IoT developer service provider, has delivered its Best Practices in using Amazon Aurora at IoT industry. Amazon Aurora is a relational database management system (RDBMS) built for the cloud with full MySQL and PostgreSQL compatibility. Tuya and Amazon Web Services (AWS) built a solid basis of collaboration in database use cases exploration while also delivering smooth operation of billions of devices requiring high concurrency and low latency. Tuya and AWS: Building a benchmark for database implementation practice Tuya is a leading technology company focused on making our lives smarter. Tuya does this by offering a cloud platform that connects a range of devices via the IoT. By building interconnectivity standards, Tuya bridges the intelligent needs of brands, OEMs, developers, and retail chains across a broad range of smart devices and industries. Tuya's solutions enable partners and customers by improving the value of their products while making consumers' lives more convenient through the application of technology. As of September 30, 2023, the Tuya IoT Developer Platform has accumulated over 909,000 registered developers from over 200 countries and regions, covering industries including real estate, hospitality, residential, industry, agriculture, etc. The greater the breadth of business coverage, the more advanced technological support required. Tuya faces high-frequency reads and writes as well as enormous data storage challenges from billion-level online devices. Meanwhile, due to the commercial scenarios involving smart homes and smart industries, Tuya's operating response demands low latency in order to deliver a smoother user experience. Furthermore, Tuya's quick expansion and regular business changes have posed significant challenges to its operation and maintenance management. Tuya selected Amazon Aurora as core database engine for its unparalleled performance and availability at global scale. How does Tuya specifically leverage the Amazon Aurora database? Tuya currently manages billions of real-time online devices and can keep cloud message processing response times under 10 milliseconds. However, billions online devices provide a challenge. During holidays, there will be peak traffic volume, with tens of millions of devices going online and offline virtually simultaneously. Tuya used Amazon Aurora to construct a data storage solution to solve the main problem of rapid increase in short-term traffic, and to fully utilize resources. Aurora's design, which separates compute and storage and low-latency replication functionality, improves system throughput by enhancing the effect of read-write separation. Aurora provides up to 15 read replicas, setting the groundwork for Tuya's read flexibility development. At the same time, Tuya has integrated Aurora Serverless, which includes seconds-level elastic expansion and contraction, allowing Tuya to handle extremely heavy business traffic smoothly. Tuya's customers are located throughout more than 200 nations and regions, and they deal with widespread access to IoT data. Different countries and regions have different regulations on data compliance, such as GDPR and local PII. Tuya needs to adhere to each region's data security compliance regulations. As Tuya's primary business data storage provider, Amazon Aurora was among the first in the public cloud sector to enable physical encryption for database products, which significantly decreased the cost of Tuya's security compliance transformation and gave Tuya excellent basic security guarantees. In addition, Tuya is continuously testing out additional new innovation unique to Aurora, such as Enhanced Binlog, zero-ETL, and Limitless Database. Aurora's ongoing investment in innovative technologies provides more opportunities for Tuya to expand its business. Additionally, based on Tuya's comprehensive IoT developer platform architecture, both parties have collaborated to enhance Tuya IoT applications performance indicators like stability, low latency, scalability, and security in the real-world application of databases, revealing more potential and possibilities and enabling the IoT. Tuya and AWS: Continuously promoting the evolution of cloud experience Data-driven approaches will usher in a new era of innovation in tandem with the swift advancement of data applications. At this year's re:Invent conference, Peter DeSantis, Senior Vice President of AWS, reviewed the relational database's development history in great detail. In 2014, AWS created Aurora based on log architecture. In 2018, the release of Aurora Serverless allowed for seamless scaling of database resources through virtualization technology. This year, AWS announced the launch of the Amazon Aurora Limitless Database, which automatically scales to millions of write transactions per second well beyond current limits of a single PostgreSQL instance. It is apparent from Amazon Aurora's development history that AWS has always been dedicated to innovation. Customers and partners from a range of industries actively utilizes AWS to enable rapid innovation in a variety of ways, while also working together to enhance the cloud experience. Similar to how Tuya and AWS work together, Tuya's effective and user-friendly IoT developer platform and rich and varied IoT solutions have built a significant lighthouse, embracing the Amazon Aurora's innovation and accelerated the process of building a more secure and reliable IoT database use case. Amazon Aurora VP Yan Leshinsky said, "Amazon Aurora is the fastest growing service in the history of AWS and is trusted by hundreds of thousands of customers. We innovate by working backwards from customers' needs, and we appreciate the feedback that Tuya has shared. We remain committed in developing new Aurora features and capabilities so all customers can accelerate their applications' capabilities and business growth by using Aurora." "Tuya has always committed to strengthening advanced and valuable innovations, while offering open and neutral ecosystem assistance for global partners. We provide our developers with enhanced operational and maintenance control, adaptable data storage options, superior product experience, and a global business layout by utilizing the Amazon Aurora database. We will continue to work with AWS to benefit the world in the future in areas including technology, ecosystems, and cloud computing, helping customers achieve commercial success." said Eva Na, Vice President of Marketing and Strategic Cooperation, and CMO of Tuya Smart. Enhancing the partnership with AWS, Tuya delivered IoT best practice using Amazon Aurora database, giving the industry's growth additional impetus. Tuya will maintain its open and neutral stance going forward, collaborating with cloud service providers like AWS to offer global developers a more secure, reliable, and productive cloud environment, thereby advancing the innovation and development of the entire industry.

Read More

Enterprise Iot

Nozomi Networks Delivers Industry's First Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments

Nozomi Networks | January 25, 2024

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Guardian Air™, the industry's only wireless spectrum sensor purpose-built for OT and IoT environments worldwide. With 80 percent of new IoT deployments wirelessly connected, wireless is quickly becoming a preferred network. The explosion of wirelessly connected devices increases potential access points and exploitation of networks. This puts critical infrastructure at risk of cyberattacks and disruptions to operations. Guardian Air provides much-needed visibility into wirelessly enabled devices which until now were only detected once connected to the wired network. Guardian Air monitors several prominent wireless frequencies, not just Bluetooth and Wi-Fi, to provide security teams with immediate visibility of connected sensors, devices, laptops and cell phones. With the addition of Guardian Air, customers have a comprehensive network solution all in one integrated platform. "Nozomi Networks has once again innovated to address an unmet need for wireless-level monitoring in OT and IoT environments," said Danielle VanZandt, an industry manager for commercial and public security research at Frost & Sullivan. "From smart manufacturing to digital medicine, to building automation, to modern oil field production and more, today industrial organizations are relying on billions of wireless devices to speed production and time to market. Guardian Air gives IT security professionals and OT operators the visibility they need to get a firm handle on wireless risk management and response." With Guardian Air, IT security professionals and OT operators can: Continuously monitor prominent wireless frequency technologies used in OT and IoT environments including Bluetooth, Wi-Fi, cellular, LoRaWAN, Zigbee, GPS, drone RF protocols, WirelessHART and more, Immediately detect wirelessly connected assets and gain asset information to quickly address unauthorized installations, Detect wireless-specific threats, including brute force attacks, spoofing, and bluejacking – with the added ability to determine the location of the devices performing the attacks, Seamlessly integrate wireless data into a single OT & IoT security platform that unifies asset visibility from the endpoint and across wired and wireless networks. "Wireless is fundamentally changing the way industrial organizations operate. Unfortunately, it also massively expands the potential attack surface," said Nozomi Networks Co-founder and Chief Product Officer Andrea Carcano. "Guardian Air solves this problem by giving customers the accurate visibility they need at the wireless level to minimize risk while maximizing resiliency. Because Guardian Air integrates easily into the Nozomi Networks Vantage platform, customers can combine network, endpoint and wireless for the greatest visibility, threat detection and AI-powered analysis for real-time security management and remediation across the entire attack surface." The Nozomi Guardian Air wireless sensor will be available this spring from Nozomi Networks and its extensive global network of channel partners. About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world's critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com

Read More

Industrial IoT

Tuya Smart Delivers IoT Best Practice Using Amazon Aurora, Leads the Direction of Cloud Database Innovation Use Cases with Amazon Web Services

Tuya Smart | January 24, 2024

Tuya Smart, the global IoT developer service provider, has delivered its Best Practices in using Amazon Aurora at IoT industry. Amazon Aurora is a relational database management system (RDBMS) built for the cloud with full MySQL and PostgreSQL compatibility. Tuya and Amazon Web Services (AWS) built a solid basis of collaboration in database use cases exploration while also delivering smooth operation of billions of devices requiring high concurrency and low latency. Tuya and AWS: Building a benchmark for database implementation practice Tuya is a leading technology company focused on making our lives smarter. Tuya does this by offering a cloud platform that connects a range of devices via the IoT. By building interconnectivity standards, Tuya bridges the intelligent needs of brands, OEMs, developers, and retail chains across a broad range of smart devices and industries. Tuya's solutions enable partners and customers by improving the value of their products while making consumers' lives more convenient through the application of technology. As of September 30, 2023, the Tuya IoT Developer Platform has accumulated over 909,000 registered developers from over 200 countries and regions, covering industries including real estate, hospitality, residential, industry, agriculture, etc. The greater the breadth of business coverage, the more advanced technological support required. Tuya faces high-frequency reads and writes as well as enormous data storage challenges from billion-level online devices. Meanwhile, due to the commercial scenarios involving smart homes and smart industries, Tuya's operating response demands low latency in order to deliver a smoother user experience. Furthermore, Tuya's quick expansion and regular business changes have posed significant challenges to its operation and maintenance management. Tuya selected Amazon Aurora as core database engine for its unparalleled performance and availability at global scale. How does Tuya specifically leverage the Amazon Aurora database? Tuya currently manages billions of real-time online devices and can keep cloud message processing response times under 10 milliseconds. However, billions online devices provide a challenge. During holidays, there will be peak traffic volume, with tens of millions of devices going online and offline virtually simultaneously. Tuya used Amazon Aurora to construct a data storage solution to solve the main problem of rapid increase in short-term traffic, and to fully utilize resources. Aurora's design, which separates compute and storage and low-latency replication functionality, improves system throughput by enhancing the effect of read-write separation. Aurora provides up to 15 read replicas, setting the groundwork for Tuya's read flexibility development. At the same time, Tuya has integrated Aurora Serverless, which includes seconds-level elastic expansion and contraction, allowing Tuya to handle extremely heavy business traffic smoothly. Tuya's customers are located throughout more than 200 nations and regions, and they deal with widespread access to IoT data. Different countries and regions have different regulations on data compliance, such as GDPR and local PII. Tuya needs to adhere to each region's data security compliance regulations. As Tuya's primary business data storage provider, Amazon Aurora was among the first in the public cloud sector to enable physical encryption for database products, which significantly decreased the cost of Tuya's security compliance transformation and gave Tuya excellent basic security guarantees. In addition, Tuya is continuously testing out additional new innovation unique to Aurora, such as Enhanced Binlog, zero-ETL, and Limitless Database. Aurora's ongoing investment in innovative technologies provides more opportunities for Tuya to expand its business. Additionally, based on Tuya's comprehensive IoT developer platform architecture, both parties have collaborated to enhance Tuya IoT applications performance indicators like stability, low latency, scalability, and security in the real-world application of databases, revealing more potential and possibilities and enabling the IoT. Tuya and AWS: Continuously promoting the evolution of cloud experience Data-driven approaches will usher in a new era of innovation in tandem with the swift advancement of data applications. At this year's re:Invent conference, Peter DeSantis, Senior Vice President of AWS, reviewed the relational database's development history in great detail. In 2014, AWS created Aurora based on log architecture. In 2018, the release of Aurora Serverless allowed for seamless scaling of database resources through virtualization technology. This year, AWS announced the launch of the Amazon Aurora Limitless Database, which automatically scales to millions of write transactions per second well beyond current limits of a single PostgreSQL instance. It is apparent from Amazon Aurora's development history that AWS has always been dedicated to innovation. Customers and partners from a range of industries actively utilizes AWS to enable rapid innovation in a variety of ways, while also working together to enhance the cloud experience. Similar to how Tuya and AWS work together, Tuya's effective and user-friendly IoT developer platform and rich and varied IoT solutions have built a significant lighthouse, embracing the Amazon Aurora's innovation and accelerated the process of building a more secure and reliable IoT database use case. Amazon Aurora VP Yan Leshinsky said, "Amazon Aurora is the fastest growing service in the history of AWS and is trusted by hundreds of thousands of customers. We innovate by working backwards from customers' needs, and we appreciate the feedback that Tuya has shared. We remain committed in developing new Aurora features and capabilities so all customers can accelerate their applications' capabilities and business growth by using Aurora." "Tuya has always committed to strengthening advanced and valuable innovations, while offering open and neutral ecosystem assistance for global partners. We provide our developers with enhanced operational and maintenance control, adaptable data storage options, superior product experience, and a global business layout by utilizing the Amazon Aurora database. We will continue to work with AWS to benefit the world in the future in areas including technology, ecosystems, and cloud computing, helping customers achieve commercial success." said Eva Na, Vice President of Marketing and Strategic Cooperation, and CMO of Tuya Smart. Enhancing the partnership with AWS, Tuya delivered IoT best practice using Amazon Aurora database, giving the industry's growth additional impetus. Tuya will maintain its open and neutral stance going forward, collaborating with cloud service providers like AWS to offer global developers a more secure, reliable, and productive cloud environment, thereby advancing the innovation and development of the entire industry.

Read More

Enterprise Iot

Nozomi Networks Delivers Industry's First Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments

Nozomi Networks | January 25, 2024

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Guardian Air™, the industry's only wireless spectrum sensor purpose-built for OT and IoT environments worldwide. With 80 percent of new IoT deployments wirelessly connected, wireless is quickly becoming a preferred network. The explosion of wirelessly connected devices increases potential access points and exploitation of networks. This puts critical infrastructure at risk of cyberattacks and disruptions to operations. Guardian Air provides much-needed visibility into wirelessly enabled devices which until now were only detected once connected to the wired network. Guardian Air monitors several prominent wireless frequencies, not just Bluetooth and Wi-Fi, to provide security teams with immediate visibility of connected sensors, devices, laptops and cell phones. With the addition of Guardian Air, customers have a comprehensive network solution all in one integrated platform. "Nozomi Networks has once again innovated to address an unmet need for wireless-level monitoring in OT and IoT environments," said Danielle VanZandt, an industry manager for commercial and public security research at Frost & Sullivan. "From smart manufacturing to digital medicine, to building automation, to modern oil field production and more, today industrial organizations are relying on billions of wireless devices to speed production and time to market. Guardian Air gives IT security professionals and OT operators the visibility they need to get a firm handle on wireless risk management and response." With Guardian Air, IT security professionals and OT operators can: Continuously monitor prominent wireless frequency technologies used in OT and IoT environments including Bluetooth, Wi-Fi, cellular, LoRaWAN, Zigbee, GPS, drone RF protocols, WirelessHART and more, Immediately detect wirelessly connected assets and gain asset information to quickly address unauthorized installations, Detect wireless-specific threats, including brute force attacks, spoofing, and bluejacking – with the added ability to determine the location of the devices performing the attacks, Seamlessly integrate wireless data into a single OT & IoT security platform that unifies asset visibility from the endpoint and across wired and wireless networks. "Wireless is fundamentally changing the way industrial organizations operate. Unfortunately, it also massively expands the potential attack surface," said Nozomi Networks Co-founder and Chief Product Officer Andrea Carcano. "Guardian Air solves this problem by giving customers the accurate visibility they need at the wireless level to minimize risk while maximizing resiliency. Because Guardian Air integrates easily into the Nozomi Networks Vantage platform, customers can combine network, endpoint and wireless for the greatest visibility, threat detection and AI-powered analysis for real-time security management and remediation across the entire attack surface." The Nozomi Guardian Air wireless sensor will be available this spring from Nozomi Networks and its extensive global network of channel partners. About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world's critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com

Read More

More featured news