Читать книгу Do No Harm - Matthew Webster - Страница 38

Clinical monitors are the lynchpin that helps to coordinate a wide range of IoMT devices so that medical information regarding a patient is all together in one location. They also make sure that the records are fed directly into Electronic Health Record (EHR) systems. The data can then be reviewed by specialists at a later point in time. Almost predictably at this point, vulnerabilities have been found in clinical monitors, too. In September 2020 DataBreachToday reported about several vulnerabilities in a Philips monitor.³⁷ While the problems may be the equivalent of speaking a foreign language to some of you, the mitigations step should give a better idea about how bad these vulnerabilities are. Paraphrasing, they recommend that the device essentially be quarantined (from a network perspective) until it is patched. They also want the device to be physically blocked off to prevent unauthorized login attempts and only allow access on a must-have basis.³⁸ The list is more extensive (and more technical as I am trying to save my non-technical audience), but the mitigation steps are non-trivial in many environments. Some hospitals have the equivalent of a flat network, which means the network is essentially wide open, and trying to block the devices is time-consuming from a network standpoint, but also from a physical standpoint. If a large manufacturer like Philips is making these kinds of mistakes, it is even more difficult for the smaller companies.