Endpoint Security , Governance & Risk Management , Internet of Things Security

Safeguarding Critical OT and IoT Gear Used in Healthcare

Benoit Desjardins of the University of Pennsylvania Medicine on Issues to Consider
Safeguarding Critical OT and IoT Gear Used in Healthcare
Dr. Benoit Desjardins, professor of radiology, University of Pennsylvania Medicine

The many kinds of OT and IoT gear that are not regulated medical devices but are critical to run hospitals and other care facilities present a variety of cybersecurity and patient safety concerns, said Dr. Benoit Desjardins, professor of radiology at the University of Pennsylvania Medicine.

"Just look at the air conditioning system in a hospital. If that goes down, or if an elevator stops working and a patient in transit from the emergency room to the operating room gets stuck because the elevator was subject to a cyberattack, that is a big problem," Desjardins said. "These are not regulated whatsoever," he said.

"Sometimes some of this equipment provides entry points for hackers to hack into larger hospital systems," he said.

"Anything connected to the internet is vulnerable. Cybercriminals are going to try to hack a bunch of IP addresses, and an IP address that comes up as unprotected - they don’t know what that IP address serves, but it could be an air conditioner or even a minor device," Desjardins said in an interview with Information Security Media Group at the Health Information and Management Systems Society 2024 conference in Orlando, Florida.

"That provides an entry point to get into the hospital system. Once they get in, they move laterally or try to increase their privileges to get full access to conduct a major hospital hack. You need to protect every one of those entry points. But it's difficult because everyone in healthcare is stretched to the max."

In this audio interview (see audio link below photo), Desjardins also discussed:

  • The cyber challenges healthcare organizations continue to face involving legacy medical devices;
  • Resources healthcare entities can consider using to help prioritize the cybersecurity of IoT and OT devices, as well as other vulnerabilities;
  • Why the Food and Drug Administration's enhanced authority over medical device cybersecurity will improve newer products as they enter the market;
  • How advancements in artificial intelligence are revolutionizing the work of radiologists and can vastly help improve care and outcomes, especially in stroke patients;
  • Concerns involving AI and large language models used in the healthcare today.

Desjardins is a medical doctor and a professor of radiology and medicine at the University of Pennsylvania. He is an international leader in cardiovascular imaging, artificial intelligence and cybersecurity and is a member of the NIH Data Science Institute Cardiac Panel on Artificial Intelligence. Desjardins is involved in several AI projects in collaboration with international institutions, and he is a reformed hacker.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.