{"id":89857,"date":"2024-09-12T08:00:13","date_gmt":"2024-09-12T15:00:13","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=89857"},"modified":"2024-09-12T06:53:22","modified_gmt":"2024-09-12T13:53:22","slug":"medical-device-risk-management","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/","title":{"rendered":"The Unhealthy State of Medical Device Risk Management"},"content":{"rendered":"<p>You know the old joke. A man goes to the doctor, lifts his arm up high, and says, \u201cDoc, it hurts when I do this.\u201d<\/p>\n<p>The doctor\u2019s answer? \u201cStop doing that.\u201d<\/p>\n<p>If only it were so simple to secure medical devices. We\u2019re not going to stop using those innovations that monitor, save or protect lives. But for CISOs managing the risk of <em>all <\/em>the connected devices and software used in hospitals, clinics, labs and medical research facilities, the situation is daunting.<\/p>\n<p>The last year has been especially tough on healthcare <a href=\"\/blog\/ransomware-risk-current-state\/\">because of ransomware<\/a>. There were several major attacks on hospital networks and payers in 2024, including <a href=\"https:\/\/www.wsj.com\/articles\/hospitals-urged-to-disconnect-from-unitedhealths-hacked-pharmacy-unit-11c9691e\" target=\"new\" rel=\"noopener\">Change Healthcare<\/a>, owned by United Health, and others. In a recent quarterly filing, United Health <a href=\"https:\/\/www.cbsnews.com\/news\/unitedhealth-cyberattack-change-healthcare-hack-ransomware\/\" target=\"new\" rel=\"noopener\">reported<\/a> &#8220;unfavorable cyberattack effects&#8221; of $872 million.<\/p>\n<h3>Key Facts About Healthcare Security and Medical Device Risk Today<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.ey.com\/en_us\/insights\/consulting\/ey-consulting-case-studies\/how-a-medical-system-builds-a-healthier-cybersecurity-program\" target=\"new\" rel=\"noopener\">EY<\/a>:\n<ul>\n<li>Breaches account for more than 12% of an organization\u2019s overall annual spend on cybersecurity<\/li>\n<li>They take up to eight months to detect and resolve<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>IBM\n<ul>\n<li>Healthcare has one of the highest data breach costs of all industries<\/li>\n<li>The average cost of a healthcare breach increased 53% to nearly $11 million in 2023<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Forescout Research \u2013 Vedere Labs\n<ul>\n<li>IoT devices, including IoMT assets, had a 136% increase in vulnerabilities in a year<\/li>\n<li>In 2022, we discovered <strong>7,000 exposed medical systems<\/strong> on the internet, including: PACS, healthcare integration engines, electronic health records, medication dispensing systems, and medical image printers.<\/li>\n<li>In 2024, we found <strong>225 medical dispensing systems exposed<\/strong> to the internet \u2013 <strong>up 23%<\/strong> from 2022<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong><em>Need help today? Get your free copy of Gartner\u2019s latest vendor report \u201c<a href=\"\/analyst-report-2024-gartner-market-guide-for-medical-device-risk-management-platforms\/\">2024 Gartner\u00ae Market Guide for Medical Device Risk Management Platforms<\/a>\u201d.*<\/em><\/strong><\/p>\n<h3>What About ISO 14971? Can\u2019t Medical Devices Be Made More Secure?<\/h3>\n<p>According to <a href=\"https:\/\/www.wipro.com\/medical-devices\/basic-principles-of-risk-management-for-medical-device-design\/#:~:text=Risk%20Management%20Process%20ISO%2014971,probability%20of%20occurrence%20of%20harm\" target=\"new\" rel=\"noopener\">WiPro<\/a>, the Risk Management Process ISO 14971 standard requires a manufacturer to establish, document and maintain a risk management process for:<\/p>\n<ul>\n<li>Reviewing the intended use (intended purpose) of the medical device<\/li>\n<li>Identification of hazards (known and foreseeable)<\/li>\n<li>Estimation of the probability of occurrence of harm<\/li>\n<\/ul>\n<p>Risk management is regulation today, so organizations must comply. ISO 14971 is primarily focused on product safety, but because it applies to the entire lifecycle of a device \u2013 including the end of life \u2013 cybersecurity risk is in play.<\/p>\n<p>However, there are several other standards of regulatory compliance for ISO that are also in play:<\/p>\n<ul>\n<li>ISO 30111:2013, Information Security Techniques, Vulnerability Handling Process<\/li>\n<li>ISO 29147:2014, Information Technology \u2013 Security Techniques \u2013 Vulnerability Disclosure<\/li>\n<li><a href=\"\/ebook-how-to-align-with-the-nist-cybersecurity-framework\/\">NIST Cybersecurity Framework 2.0<\/a><\/li>\n<\/ul>\n<p>Healthcare CISOs, however, may be less concerned with a manufacturer\u2019s risk management process. Their job is to protect their hospital networks and secure their medical devices from becoming entry points for career-destroying events. Attackers don\u2019t care about \u2018harm\u2019 or compliance or standards or lifecycles. The financial incentives in ransomware today are unfathomable. The Change Healthcare ransomware attack resulted in a $22 million ransom paid to the attackers, and the stolen data was still not fully recovered, according to <a href=\"https:\/\/www.hipaajournal.com\/change-healthcare-responding-to-cyberattack\/\" target=\"new\" rel=\"noopener\">The HIPAA Journal<\/a>.<\/p>\n<p>Attackers often use ignored, unpatched or end of life assets to infiltrate. See how we demonstrated a proof-of-concept attack (R4IoT) that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT) in this video.<\/p>\n<p><script src=\"https:\/\/fast.wistia.com\/embed\/medias\/v36m5mmjbr.jsonp\" async><\/script><script src=\"https:\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_responsive_padding\" style=\"padding: 56.25% 0 0 0; position: relative;\">\n<div class=\"wistia_responsive_wrapper\" style=\"height: 100%; left: 0; position: absolute; top: 0; width: 100%;\">\n<div class=\"wistia_embed wistia_async_v36m5mmjbr seo=true videoFoam=true\" style=\"height: 100%; position: relative; width: 100%;\">\n<div class=\"wistia_swatch\" style=\"height: 100%; left: 0; opacity: 0; overflow: hidden; position: absolute; top: 0; transition: opacity 200ms; width: 100%;\"><img decoding=\"async\" style=\"filter: blur(5px); height: 100%; object-fit: contain; width: 100%;\" src=\"https:\/\/fast.wistia.com\/embed\/medias\/v36m5mmjbr\/swatch\" alt=\"\" aria-hidden=\"true\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p><\/p>\n<h3>Why Are Medical Devices So Vulnerable?<\/h3>\n<p>In 2022, Vedere Labs published \u201c<a href=\"https:\/\/www.forescout.com\/resources\/internet-exposure-of-medical-devices-and-systems\/#:~:text=On%20September%2012%2C%20the%20FBI,actors%20to%20\">Internet Exposure of Medical Devices and Systems<\/a>\u201d which went beyond vulnerabilities to show systemic medical device risk on the open internet.<\/p>\n<p>There are four common issues that lead to vulnerabilities being found or remaining unpatched in medical devices:<\/p>\n<ol>\n<li><strong>Devices used with a default configuration are easily exploitable. <\/strong><br \/>\nMany medical devices have default open ports or credentials when they are configured by a manufacturer, and sometimes these are not changed when deployed in healthcare organizations. For the <a href=\"\/research-labs\/access7\/\">Access:7<\/a> research, we identified medical devices that were shipped with a configuration agent still present and whole product lines sharing hardcoded credentials for remote access.<br \/>\n&nbsp;\n<\/li>\n<li><strong>The lifespan of medical devices gives threat actors ample time to find and exploit vulnerabilities. <\/strong><br \/>\nMedical devices are used in organizations for up to 30 years (or longer), which not only gives time to find vulnerabilities, but also the code running on them is potentially decades old. In the <a href=\"\/research-labs\/nucleus-13\/\">NUCLEUS:13<\/a> research, we found vulnerabilities in a software component used in medical devices since 1993.<br \/>\n&nbsp;\n<\/li>\n<li><strong>Devices require special upgrading procedures that delay patching.<\/strong><br \/>\nDue to specialized software and firmware running on many medical devices, the patching procedure is not as easy as in a traditional computer. Not only is applying patches more difficult, but even the existence of patches is not guaranteed for vulnerabilities affecting third-party components. This is an issue explored at length in our <a href=\"\/research-labs\/project-memoria\/\">Project Memoria<\/a> research.\n<p>Patches for certain devices in the US, for example, can require FDA approval \u2013 so sometimes patching is a roadblock for security teams to update in a timely manner through no fault of their own.\n<\/li>\n<li><strong>Devices were not designed with security in mind. <\/strong>\n<p>Many of the protocols running on these devices do not include basic security controls such as authentication and encryption. We have recently discussed the issue of insecurity by design in operational technology as part of <a href=\"https:\/\/www.forescout.com\/research-labs\/ot-icefall\/\">OT:ICEFALL<\/a>. We also have demonstrated in the past how insecure protocols in healthcare allow attackers to:<\/li>\n<\/ol>\n<ul>\n<li>Leak patient data<\/li>\n<li>Tamper with diagnostic results<\/li>\n<li>Disconnect a patient monitor<\/li>\n<li>Change a patient\u2019s vital readings on the network<\/li>\n<\/ul>\n<h3>Medical Device Risk Management: Prioritize by the Risk of Your Devices<\/h3>\n<p>It\u2019s crucial to understand the risk scope of medical devices. \u201cHospitals are installing a lot of\u00a0IoT devices\u00a0\u2014 everything\u2019s hooking into the network,\u201d says Ashis Barad, chief digital and information officer, to\u00a0<a href=\"https:\/\/medcitynews.com\/2024\/06\/cyberattack-ransomware-healthcare\/\" target=\"new\" rel=\"noopener\">MedCity News<\/a>. \u201cEvery MRI machine is now connected to a network, but it wasn\u2019t this way before.\u201d<\/p>\n<p>Forescout Research Vedere Labs has been <a href=\"https:\/\/www.forescout.com\/research-labs\/riskiest-devices\/\">tracking ransomware and device risk<\/a> for many years. Take a look at some of the patterns being uncovered. For healthcare and medical fields, we detailed the five riskiest areas:<\/p>\n<ul>\n<li>Medical information systems<\/li>\n<li>Electrocardiographs<\/li>\n<li>DICOM workstations<\/li>\n<li>Picture Archiving and Communication Systems (PACS)<\/li>\n<li>Medication Dispensing Systems<\/li>\n<\/ul>\n<p><strong><em>Go deeper, learn more: Attend our <a href=\"\/webinars\/2024-riskiest-devices-ams\/\">on-demand webinar<\/a> on the riskiest devices of 2024.<\/em><\/strong><\/p>\n<p>Vedere Labs also actively watches ransomware group activities very closely. Earlier this year, we examined <a href=\"\/blog\/analysis-a-new-ransomware-group-emerges-from-the-change-healthcare-cyber-attack\/\">attack groups splintering off during the Change Healthcare<\/a> ransomware debacle.<\/p>\n<h3>Ultimately, Medical Device Risk Goes Beyond One Category<\/h3>\n<p>\u201cIt is not enough to focus defenses on risky devices in a single category since attackers can leverage assets of different categories to carry out attacks,\u201d concludes Daniel dos Santos, Senior Director, Security Research at Vedere Labs, in our riskiest devices mitigation guidance. \u201cModern risk and exposure management should encompass assets in every category to reduce risk across the whole organization. Solutions that work only for specific devices cannot effectively reduce risk because they are blind to other parts of the network being leveraged for an attack.\u201d<\/p>\n<p><small>*Forescout has been named a Representative Vendor in the August <a href=\"https:\/\/www.forescout.com\/analyst-report-2024-gartner-market-guide-for-medical-device-risk-management-platforms\/\">2024 Gartner<sup>\u00ae<\/sup>\u00a0Market Guide for Medical Device Risk Management Platforms<\/a>, which we believe is a must-read report for healthcare delivery organization (HDO) CIOs, CISOs and network security administrators, as well as biomedical and clinical engineers.<\/small><\/p>\n<p><small><em>Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner\u2019s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.<\/em><\/small><\/p>\n<p><small><em>GARTNER is a registered trademark and service mark of Gartner, Inc. and\/or its affiliates in the U.S. and internationally and is used here in with permission. All rights reserved.<\/em><\/small><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, medical device risk management is overwhelming. Get the facts on what cyber attackers target in healthcare and hospitals. Learn how to better secure them. <\/p>\n","protected":false},"author":195,"featured_media":89862,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[562],"tags":[],"coauthors":[818],"class_list":["post-89857","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-views"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Unhealthy State of Medical Device Risk Management - Forescout<\/title>\n<meta name=\"description\" content=\"Today, medical device risk management is overwhelming. Get the facts on what cyber attackers target in healthcare and hospitals. Learn how to better secure them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Unhealthy State of Medical Device Risk Management - Forescout\" \/>\n<meta property=\"og:description\" content=\"Today, medical device risk management is overwhelming. Get the facts on what cyber attackers target in healthcare and hospitals. Learn how to better secure them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-12T15:00:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"419\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Don Sears\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Forescout\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/\"},\"author\":{\"name\":\"Don Sears\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/91f65532234338343e33f997cee025d4\"},\"headline\":\"The Unhealthy State of Medical Device Risk Management\",\"datePublished\":\"2024-09-12T15:00:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/\"},\"wordCount\":1272,\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg\",\"articleSection\":[\"News &amp; Views\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/\",\"url\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/\",\"name\":\"The Unhealthy State of Medical Device Risk Management - Forescout\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg\",\"datePublished\":\"2024-09-12T15:00:13+00:00\",\"description\":\"Today, medical device risk management is overwhelming. Get the facts on what cyber attackers target in healthcare and hospitals. Learn how to better secure them.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg\",\"width\":800,\"height\":419},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Unhealthy State of Medical Device Risk Management\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/91f65532234338343e33f997cee025d4\",\"name\":\"Don Sears\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/image\/08e80600095be1a3991b9d354a9693cf\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/eaf34db3421f8c1e8f4adfd1c4b7dba2b68731e5b14192289d3753d80919584c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/eaf34db3421f8c1e8f4adfd1c4b7dba2b68731e5b14192289d3753d80919584c?s=96&d=mm&r=g\",\"caption\":\"Don Sears\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Unhealthy State of Medical Device Risk Management - Forescout","description":"Today, medical device risk management is overwhelming. Get the facts on what cyber attackers target in healthcare and hospitals. Learn how to better secure them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/","og_locale":"en_US","og_type":"article","og_title":"The Unhealthy State of Medical Device Risk Management - Forescout","og_description":"Today, medical device risk management is overwhelming. Get the facts on what cyber attackers target in healthcare and hospitals. Learn how to better secure them.","og_url":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_published_time":"2024-09-12T15:00:13+00:00","og_image":[{"width":800,"height":419,"url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg","type":"image\/jpeg"}],"author":"Don Sears","twitter_card":"summary_large_image","twitter_creator":"@Forescout","twitter_site":"@Forescout","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#article","isPartOf":{"@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/"},"author":{"name":"Don Sears","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/91f65532234338343e33f997cee025d4"},"headline":"The Unhealthy State of Medical Device Risk Management","datePublished":"2024-09-12T15:00:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/"},"wordCount":1272,"publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg","articleSection":["News &amp; Views"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/","url":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/","name":"The Unhealthy State of Medical Device Risk Management - Forescout","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg","datePublished":"2024-09-12T15:00:13+00:00","description":"Today, medical device risk management is overwhelming. Get the facts on what cyber attackers target in healthcare and hospitals. Learn how to better secure them.","breadcrumb":{"@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#primaryimage","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg","width":800,"height":419},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/blog\/medical-device-risk-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"The Unhealthy State of Medical Device Risk Management"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]},{"@type":"Person","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/91f65532234338343e33f997cee025d4","name":"Don Sears","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/image\/08e80600095be1a3991b9d354a9693cf","url":"https:\/\/secure.gravatar.com\/avatar\/eaf34db3421f8c1e8f4adfd1c4b7dba2b68731e5b14192289d3753d80919584c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eaf34db3421f8c1e8f4adfd1c4b7dba2b68731e5b14192289d3753d80919584c?s=96&d=mm&r=g","caption":"Don Sears"}}]}},"featured_media_url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/09\/FS-2024-Unhealthy-State-of-MD-Risk-Management-Blog-Share.jpg","is_file":false,"excerpt_manually_set":true,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/89857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/195"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/comments?post=89857"}],"version-history":[{"count":0,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/89857\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media\/89862"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=89857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/categories?post=89857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/tags?post=89857"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=89857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}