An IoT remote management tool was discovered to have a number of security vulnerabilities and bugs, raising concerns that medical device information could be exposed.
Medical and other healthcare devices, such as imaging tools and diagnostic lab equipment, sometimes sit on poorly protected, connected hospital networks, which gives hackers the opportunity to identify exploitable vulnerabilities and bugs.
Researchers from the healthcare security firm CyberMDX, which was acquired last month by the IoT security firm Forescout, found seven easily exploited vulnerabilities, collectively dubbed Access:7, in the IoT remote access tool PTC Axeda. The platform can be used with any embedded device, but it has proven particularly popular in medical equipment.
The researchers also found that some companies have used it to remotely manage ATMs, vending machines, barcode scanning systems, and some industrial manufacturing equipment. The researchers estimate that the Access:7 vulnerabilities are in hundreds of thousands of devices in all. In a review of its own customers, Forescout found more than 2,000 vulnerable systems.
“You can imagine the type of impact an attacker could have when they can either exfiltrate data from medical equipment or other sensitive devices, potentially tamper with lab results, make critical devices unavailable, or take them over entirely,” says Daniel dos Santos, head of security research at Forescout.
One of the biggest challenges in all of this is notifying previous customers to update software that may be susceptible to cyberattacks, or to take other steps to keep their medical devices from being exposed through security vulnerabilities and bugs.
Read the full article at Wired.