
"Most of the Building Management Systems (BMS) and Building Automation Systems (BAS) used in healthcare facilities were designed in the 1990s or early 2000s when cybersecurity wasn't a big issue. These systems control and monitor a hospital's lighting, heating and cooling, elevator operation and much more. A recent study revealed that 75% of BMS - many of them deployed in healthcare - have known exploited vulnerabilities (KEVs). In addition, more than half of those systems are insecurely connected to the Internet and have KEVs linked to ransomware."
"While BMS are seldom the "front door" in cyberattacks, they can be compromised when an intruder infiltrates via a phishing email and then moves laterally. So far, most of the cyberattacks involving BMS have been in the hospitality field. Both MGM Resorts and Omni Hotels have had incidents. At Omni, an attack disabled room key systems and data was reportedly stolen from about 3.5 million guests."
Healthcare facilities rely on Building Management Systems and Building Automation Systems created decades ago when cybersecurity was not prioritized. These systems manage lighting, heating, cooling, elevators, and other critical infrastructure. A study found 75% of BMS have known exploited vulnerabilities, and more than half are insecurely connected to the Internet with KEVs tied to ransomware. BMS compromises have hit hospitality firms, disabling access systems and exposing data. In hospitals, attacks could disrupt HVAC, operating room and ICU environmental controls, isolation room pressures, backup generators, and UPS devices via vulnerable protocols like SNMP.
#building-management-systems #healthcare-cybersecurity #ransomware #operational-technology-vulnerabilities
Read at Securitymagazine