Vintage Internet of Things (IoT) medical equipment presents substantial security risks
In a startling revelation, Check Point Software Technologies, a leading cybersecurity company, has reported on critical security risks in Internet of Things (IoT) and Internet of Medical Things (IoMT) devices in healthcare institutions in their State of Cyber Security Report 2025.
The report, which analysed devices from more than 300 hospitals in the US, found that over half (53%) of these devices contain critical cybersecurity risks. The study did not specify the exact percentage of hospitals with IoT and IoMT devices with vulnerabilities, but it highlighted that more than 300 hospitals in the USA are potentially at risk.
The report concludes that while URGENT/11 and Ripple20 make up only about 10% of the real threat, Cisco IP Phone CVEs, weak HTTP credentials, and open HTTP ports are the top vulnerabilities.
Liz Miller, a Constellation Research analyst, emphasised the importance of understanding the multiple attack surfaces in healthcare systems. She stated that healthcare systems have numerous entry points for cyberattacks, making them particularly vulnerable.
The report also revealed that ransomware attacks on hospitals increased 123% year-on-year in 2021, costing a total of $21 billion from over 500 attacks. The average cost per ransomware attack is $8 million, and each attack takes an organisation around 287 days to fully recover.
Cynerio, a healthcare-focused cybersecurity company, used a connector to collect device traffic information for each device connected to the network. They found that 79% of IoT devices are used at least once a month, while 21% may go without use for four weeks.
The global pandemic has sweetened the pot for attackers, who now treat networks, systems, and devices as fair game. Unpatched devices could have serious consequences for medical workflows, patient safety, and hospital operations.
In a typical attack, devices tracking patients' vital signs, medical history systems, communication systems, radiology, imaging, PACS machines and scanners, IV and insulin pumps, printers, and other network equipment are affected. Malware or DDoS attacks are common and often lead to ransomware demands.
To remediate vulnerabilities, network quarantine and segmentation are recommended. A balance of east-west and north-south segmentation is vital to ensure safety without disrupting connectivity. IV pumps should be connected only to servers at the data centers and not to other servers or devices for north-south segmentation.
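As an added illustration (not code from the report or from any vendor named here), the IV pump rule above can be checked against observed traffic: any flow that involves a pump and whose other end is not a data-center server is a segmentation violation. The subnets, the flow-record layout and the sample flows are assumptions constructed for this example.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan (constructed for this example, not from the report).
IV_PUMPS = ipaddress.ip_network("10.20.5.0/24")     # IV pump segment
DATA_CENTER = ipaddress.ip_network("10.10.0.0/24")  # data-center servers

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.5.11", "10.10.0.8", 443),   # pump -> data-center server
    ("10.20.5.11", "10.20.5.12", 80),   # pump -> pump
    ("10.20.5.12", "10.30.1.40", 80),   # pump -> workstation segment
    ("10.30.1.40", "10.20.5.11", 80),   # workstation -> pump
    ("10.30.1.40", "10.10.0.8", 443),   # no pump involved
]

def classify(src, dst):
    """Return 'allowed', 'out-of-scope', or a violation reason for one flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_pump, dst_pump = s in IV_PUMPS, d in IV_PUMPS
    if not (src_pump or dst_pump):
        return "out-of-scope"              # the rule only covers pump traffic
    if src_pump and dst_pump:
        return "pump-to-pump"              # lateral traffic inside the segment
    peer = d if src_pump else s            # the non-pump end of the flow
    if peer in DATA_CENTER:
        return "allowed"
    return "peer-outside-data-center"

def audit(flows):
    """Return (violations, per-pump violation counts) for a list of flows."""
    violations, per_pump = [], Counter()
    for src, dst, port in flows:
        verdict = classify(src, dst)
        if verdict in ("allowed", "out-of-scope"):
            continue
        violations.append((src, dst, port, verdict))
        for ip in (src, dst):              # count every pump end of the flow
            if ipaddress.ip_address(ip) in IV_PUMPS:
                per_pump[ip] += 1
    return violations, dict(per_pump)

if __name__ == "__main__":
    found, counts = audit(SAMPLE_FLOWS)
    for row in found:
        print(row)
    print(counts)
```

Running the audit against baseline traffic before enforcing the rule shows which existing flows a block would cut, which matters where segmentation must not interrupt clinical workflows.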
Alarmingly, almost half (48%) of the IoT devices scanned in the research used Linux as their operating system. This is concerning as Linux is an open-source platform that has gained much popularity within the bad actors' community. Ransomware groups are increasingly targeting Linux devices in IoT environments.
In light of these findings, it is crucial for healthcare institutions to prioritise cybersecurity measures to protect their patients, staff, and operations from potential threats. Context is important in a healthcare environment, as segmentation should not interfere with clinical workflows or patient care.