That’s right, even a refrigerator can now fall victim to hackers. According to security firm Proofpoint, more than 750,000 malicious emails were sent between Dec. 23, 2013 and Jan. 6, 2014, when hackers gained access to smart devices, such as common appliances, left accessible on public networks.
What’s interesting to note is that the hackers did not use a sophisticated approach. The devices–including routers, multi-media centers, televisions and even a refrigerator– had become vulnerable when their owners failed to change the default passwords the devices used to connect to public networks. According to Proofpoint, “misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.” You can read the full press release here.
Healthcare organizations face similar risks with biomedical equipment that increasingly is connected to the corporate network. For many years, biomedical equipment was isolated on separate networks with limited connections to the outside world. Increasingly this equipment is being added to hospital networks to allow for connection to electronic record systems and to remote clinicians. Much of that equipment includes old Windows XP machines that were never securely configured and haven’t been patched. So, while your hospital may not be at risk due to smart refrigerators, biomedical equipment, smart audio-visual equipment, and other internet-connected devices can put your organization at risk.
So, what can your organization do to prevent becoming victim?
- Complete a thorough inventory of all internet-connected devices, especially biomedical, so you know potential risks
- Implement policies and procedures that ensure that secure configurations are used, for example the removal of default administrator accounts and passwords. Ensure that all of this equipment is included in your enterprise-wide patching program.
- Hire a professional to complete a computer security risk analysis, which can bring to light these and any other security vulnerabilities in your organization’s network.
Overall, as the range of Internet-connected devices grows, make sure your computer security policies and procedures also grow.
