Medical and IoT devices regularly connect to the same network as your other devices. Unfortunately, they often receive much less attention than your computers, tablets, and phones, leaving a significant gap in an organization’s security. Consider these six reasons you should care about medical device security and especially unmanaged devices on your corporate network.
Many developers push out updates and patches regularly. When a zero-day exploit (i.e., a previously unknown vulnerability) is discovered, teams typically act fast to close the hole. However, if you don’t manage your medical and IoT devices, you may not receive those patches as quickly as needed.
When an attacker finds a new exploit, they often will post the vulnerability for others to use. If you do not manage your devices and patch the problems, you may have a serious open vulnerability that can expose your organization to attacks.
Your malware scanners evaluate your network and many of its primary devices regularly. Unfortunately, the vast majority of networks have unmanaged devices on them. In that case, those devices may not receive the same scans and attention as the devices that you usually manage on your network. Attackers can find their way into those devices with ease, and without scans in place, they may go unnoticed for a lengthy period and therefore have more time to exploit the device or your network. During the 2017 Equifax breach, attackers spent months working on a known vulnerability in the system that ultimately resulted in one of the most widely known and damaging breaches in history.
Do your employees connect IoT devices to your network regularly? Even if you carefully monitor network traffic, you may not know what’s happening on those devices. You may struggle to monitor traffic to understand what is typical for that device and what is out of the ordinary. An employee could be sending out sensitive information, on purpose or unknowingly, without proper monitoring of unmanaged devices.
If you allow open access and permit employees to connect any device they like to your network, it can quickly get out of control. You may find your network performance dropping as those unmanaged devices take up a great deal of bandwidth. Unfortunately, this can significantly decrease the overall performance of your network. You may find it much more challenging to identify potential hazards on the network: where did a threat originate? What device caused the problem? How can you troubleshoot faster? When you manage those IoT devices, you can more easily determine where a potential problem may have come from and solve it more efficiently.
Often, medical devices may contain confidential, private information. Unfortunately, placing those devices on the company network can lead to significant problems when it comes to privacy. In turn, your organization could face HIPAA, CCPA, GDPR or other regulatory violations. In addition to compliance, privacy compromises can lead to breaches that can leak sensitive patient, customer, or other personally identifiable information. Breaches themselves tend to be significantly more impactful, expensive, and resource intensive than regulatory bodies have the power to enforce, making them even more of a headache than maintaining compliance in the first place.