More than 55 percent of medical imaging devices – including MRIs, XRays and ultrasound machines – are powered by outdated Windows versions, researchers warn.
While Microsoft issued patches for the infamous BlueKeep vulnerability almost a year ago, researchers warn that almost half of connected medical devices in hospitals run on outdated Windows versions that are still vulnerable to the remote desktop protocol (RDP) flaw.
Researchers said they found that 22 percent of a typical hospital’s Windows devices were vulnerable to BlueKeep. Even worse, the number of connected medical devices running Windows that are vulnerable to BlueKeep is considerably higher — around 45 percent, they said. Vulnerable medical devices can include MRIs, ultrasounds, X-rays, and more, which run on operating systems — typically Windows – allowing their operators to more easily collect and upload data.
“For hospitals, the task of monitoring vulnerabilities, identifying affected devices, chasing down suitable patches, and distributing those patches across a sprawling campus is tedious, to say the least,” said researchers with CyberMDX in their “2020 Vision” report on medical security, released Tuesday. “This process is slow and inefficient, as the hospitals usually do not know which devices or security issues to attend to first.”