Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2024 Jan;62(1):257-273.
doi: 10.1007/s11517-023-02912-0. Epub 2023 Oct 4.

Security vulnerabilities in healthcare: an analysis of medical devices and software

Carlos M Mejía-Granda  1 José L Fernández-Alemán  2 Juan M Carrillo-de-Gea  2 José A García-Berná  2
Affiliations

Security vulnerabilities in healthcare: an analysis of medical devices and software

Carlos M Mejía-Granda et al. Med Biol Eng Comput. 2024 Jan.

Abstract

The integration of IoT in healthcare has introduced vulnerabilities in medical devices and software, posing risks to patient safety and system integrity. This study aims to bridge the research gap and provide valuable insights for addressing healthcare vulnerabilities and their mitigation mechanisms. Software vulnerabilities related to health systems from 2001 to 2022 were collected from the National Vulnerability Database (NVD) systematized by software developed by the researchers and assessed by a medical specialist for their impact on patient well-being. The analysis revealed electronic health records, wireless infusion pumps, endoscope cameras, and radiology information systems as the most vulnerable. In addition, critical vulnerabilities were identified, including poor credential management and hard-coded credentials. The investigation provides some insights into the consequences of vulnerabilities in health software products, projecting future security issues by 2025, offers mitigation suggestions, and highlights trends in attacks on life support and health systems are also provided. The healthcare industry needs significant improvements in protecting medical devices from cyberattacks. Securing communication channels and network schema and adopting secure software practices is necessary. In addition, collaboration, regulatory adherence, and continuous security monitoring are crucial. Industries, researchers, and stakeholders can utilize these findings to enhance security and safeguard patient safety.

Keywords: Descriptive study; Software security; Software vulnerabilities in health; Vulnerability databases.

PubMed Disclaimer

Conflict of interest statement

The authors declare no competing interests.

Figures

Fig. 1
Fig. 1
Research flow chart of the method
Fig. 2
Fig. 2
Data collection tool diagram
Fig. 3
Fig. 3
The first fifty software products with the greatest number of vulnerabilities
Fig. 4
Fig. 4
Tendency analysis graph of the number of critical vulnerabilities for health
Fig. 5
Fig. 5
a Health vulnerabilities ranked from highest to lowest impact from 2001 to 2022. b Health vulnerabilities ordered from highest to lowest presence from 2001 to 2022. c Health vulnerabilities ranked from highest to lowest number of software products from 2001 to 2022. d Health vulnerabilities sorted from highest to lowest score from 2001 to 2022
See this image and copyright information in PMC

References

    1. Statista (2020) Number of connected devices worldwide 2030 | Statista. Statista Research Department. https://www.statista.com/statistics/802690/worldwide-connected-devices-b... (accessed Aug. 09, 2021).
    1. Xiao F, Miao Q, Xie X, Sun L, Wang R. Indoor anti-collision alarm system based on wearable Internet of Things for smart healthcare. IEEE Commun Mag. 2018;56(4):53–59. doi: 10.1109/MCOM.2018.1700706. - DOI
    1. “Browse cve vulnerabilities by date.” https://www.cvedetails.com/browse-by-date.php (accessed Mar. 20, 2020)
    1. Shamal PK, Rahamathulla K, Akbar A (2018) A study on software vulnerability prediction model, in Proceedings of the 2017 International Conference on Wireless Communications, Signal Processing and Networking, WiSPNET 2017, Institute of Electrical and Electronics Engineers Inc 703–706. 10.1109/WiSPNET.2017.8299852
    1. Ruohonen J. A look at the time delays in CVSS vulnerability scoring. Appl Comput Informa. 2019;15(2):129–135. doi: 10.1016/j.aci.2017.12.002. - DOI

LinkOut - more resources