Forescout Report Reveals Critical Healthcare Network Security Gaps

According to research recently released by Forescout, there are several network security gaps at healthcare delivery organizations (HDOs). This information comes from the Connected Medical Device Security: A Deep Dive into Healthcare Networks report, which analyzed data from over 3 million devices running in Forescout’s Device Cloud. The report revealed that while some steps have been made to correct healthcare security over the past year, HDOs still have a ways to go in completely securing their healthcare networks.

One of the areas Forescout examined was the use of Windows devices in HDOs; specifically, the researchers wanted to know whether or not healthcare organizations were using legacy versions of Windows devices. Forescout found an increase of devices running currently-supported versions of the Windows OS: up to 68 percent of devices compared to the 29 percent of last year. The number of devices running Windows versions supported via the Extended Security Update (AKA limited support) also went down to 32 percent from last year’s 71 percent. However, the percentage of devices running obsolete/unsupported Windows OSes remained the same at 0.4 percent.

Forescout also noticed an upward trend in segmented networks, which are beneficial to healthcare providers since it allows them to separate a network into multiple chunks intended for specific purposes. In fact, only nine percent of the deployments surveyed are only running one VLAN, which suggests more network segmentation. Unfortunately, Forescout found that for every VLAN with at least one healthcare device, 60 percent of HDOs also run non-healthcare devices (which may have fewer security features) on the same VLAN.

In a blog post covering the report, Forescout researcher Daniel dos Santos stated: “Many hospitals and other healthcare organizations are rapidly expanding their device footprints to meet the needs of the COVID-19 pandemic. Meanwhile, their critical role in this global crisis also makes them a top target for attackers. The result is a perfect storm that puts the importance of HDO cybersecurity more front and center than ever before.”

Download your copy of the Connected Medical Device Security: A Deep Dive into Healthcare Networks report here.