Unpatched flaws and lack of encryption leads to data theft and tracking

Researchers warn about critical unpatched vulnerabilities that leave medical device data defenseless

Medical devices can lead to data issuesMedical devices can be exposed to man-in-the-middle-attacks and data theft, according to researchers.

Patient tracking and information theft can become a huge issue with the lack of encryption and security issues in medical wearables allow cyber-attacks and lead to privacy issues. Telehealth care is more than communication with your doctor nowadays. And according to researchers,[1] there are issues with cybersecurity and privacy, identity, malware that need to be taken into consideration.

Medical service providers need to change their methods due to the rise of risks and the needs for users due to the pandemic and rising costs of services. Remote healthcare also affected the universe of wearable medical devices.[2] This also opens an opportunity for privacy issues due to the collection of sensitive data and vulnerability. Cyber attacks can be widely affecting and damaging, use such networks and services to the advantage of cybercriminals.

Kaspersky Labs experts report that last year their team found at least 33 flames in various widely used data transfer protocols. These are often used for the internet of things[3] medical devices, otherwise known as MQTT. This number gets bigger each year and puts the patient data at risk significantly. Unfortunately, in the latest years only 90 flaws of this type were publicly reported, and to this day, many of those flaws remain unpatched.

Researchers expect more communication between the medical sector and IT security specialists

The explosive growth of telehealth brought many challenges to the medical sector and to IT specialists. This united issue should also encourage both industries to meet halfway for the greater goal. Marketing fields and software companies profit from such medical wearables, but security issues should also be considered.

The pandemic has led to a sharp growth in the telehealth market, and this doesn’t just involve communicating with your doctor via video software

Technology is evolving rapidly, and applications are developed quickly with various advanced features, specialized applications, devices. Cloud-based databases and sensors, patient tracking features have their own particular risks and vulnerabilities. Medical information can be extremely valuable, and breaches of such details lead to major consequences.[4]

Medical information leaks and man-in-the-middle issues

Patient data can leak from the offline hospitals, but the issue is with the common remote communications with patients, data stored in databases, and the fact that a large part of the medical details on patients is stored in the databases and is mainly collected via virtual consultations. These numbers of personal data leaks in the medical sector spiked by 1.5 times since 2019.[5] These numbers rely on details on US medical organizations. These leaks are not the only issues related to telehealth care.

MQTT devices are convenient and useful. However, there are cybersecurity issues in the development and use of such medical devices. Mainly these products do not require authentication, and encryption is lacking. It means that devices can be easily exposed to man-in-the-middle attacks.[6]

In addition to these security and cyber attacks, malware, hacker issues flaws that are not patched in these commonly used medical wearables can create issues in the future. Many of the disclosed and at least discovered vulnerabilities remain unpatched to this day. The health sector can face a huge number of attacks. Especially when cyber incidents are getting more frequent and more destructive.

It is important for medical service providers to build secure systems and take cybersecurity, data, privacy issues into consideration. This should be a priority for the future. It needs to be more aggressive, and threat actors, as researchers note, do not slow down after the pandemic is over even.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions