You are currently viewing ICS-CERT Flags BeaconMedaes Medical Device Security Issues

ICS-CERT Flags BeaconMedaes Medical Device Security Issues

With all the recent news about medical device vulnerabilities, market for vendors who provide medical device security products are expected to increase significantly over the next 5 years and will reach close to $6.6 billion in revenue by 2023, up from $4.4 billion this year, according to a new MarketsandMarkets reports.

Need a secure environment to store and communicate files with your colleagues and clients? Subscribe to SkyFlok and get an enterprise-grade storage at small business prices.

With a cloud solution like SkyFlok you can protect the privacy  and security of your clients data and recover easily in case of external or internal attack.

We spread your data across multiple cloud providers and cities around the world as well as encrypting the original data. This means that an attacker cannot see your data and that each Cloud provider which is part of our ecosystem will not be able to see or benefit from it.

Ensure your clients that their data is safe and keep your important files protected with SkyFlok!

An attacker could exploit vulnerabilities in the Scroll medical air system web application to view and modify some device information and web application set-up information, according to ICS-CERT.

The vulnerabilities identified include improper access control, insufficiently protected credentials, and unprotected storage of credentials.

By exploiting these vulnerabilities, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. In addition, an attacker could easily steal passwords, which are displayed in plaintext in a file that is accessible without authentication.

Security researcher Maxim Rupp reported these vulnerabilities to the National Cybersecurity and Communications Integration Center (NCCIC).

BeaconMedaes stressed that the vulnerabilities do not put PHI at risk or affect the operation of the device as designed.

The manufacturer has created an update (4107600010.24) to fix the vulnerabilities and recommended that users update to this version. Users can reach out to the company directly at 1-888-4MEDGAS (463-3427) to get the update.

In addition, NCCIC recommended that device end users take the following defensive measures:

• Minimize network exposure for all control system devices and/or systems and ensure that they are not accessible from the internet

• Locate control system networks and remote devices behind firewalls and isolate them from the business network

• Use secure methods for remote access, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities, should be updated to the most current version available, and are only as secure as the devices connected to them.

NCCIC advised organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

With all the recent news about medical device vulnerabilities, the market for vendors who provide medical device security products is expected to increase significantly over the next five years, according to a new MarketsandMarkets reports.

The report projected that the global medical device security market will reach close to $6.6 billion by 2023, up from $4.4 billion this year.

Major vendors in this space include Cisco Systems, IBM, GE Healthcare, Symantec, CA Technologies, Philips, DXC Technology, CloudPassage, FireEye, Check Point Software Technologies, Sophos, Imperva, Fortinet, Palo Alto Networks, ClearDATA, and Zscaler.

Factors contributing to the expected market growth include the increasing number of healthcare cyberattacks and threats, increasing geriatric population and the growth in chronic disease management, government regulations and need for compliance, increasing demand for connected medical devices, and widespread adoption of BYOD and Internet of Things.

The report divided the medical device security market into application security, endpoint security, network security, cloud security, and other security types, such as email, Web, and database security.

Endpoint security is expected to be the dominant market segment in 2018 because of the increasing number of connected medical devices, networks that are becoming more vulnerable to sophisticated threats, as well as the increasing use of BYOD, social media, and cloud synchronizing tools.

Based on device type, the wearable and external medical device segment is expected to register the highest compound annual growth rate through 2023. This growth will be spurred by the demand for home healthcare because of the prevalence of chronic diseases and the growing need to reduce healthcare costs. These factors are increasing the demand and uptake of wearable and external medical devices for remote patient monitoring, the report noted.

Looking at end users, healthcare providers are expected to account for the largest share of the market in 2018 due to the high demand for networked medical devices among healthcare providers owing to the various benefits offered by these devices. Other market end users include medical device manufacturers and healthcare payers.

Geographically, North America is expected to dominate the market in 2018, followed by Europe. The market in North America is primarily driven by increasing cyberattacks on medical devices, growing adoption of connected medical devices, increasing awareness among healthcare professionals regarding cybersecurity, and government initiatives to implement security solutions, the report concluded.


Or go back to