Are newer medical IoT devices less secure than old ones?

Legacy medical IoT devices may lack security features, but newer ones built around commodity components can have a whole different set of vulnerabilities that are better understood by attackers.

iot security
Thinkstock

Experts differ on whether older connected medical devices or newer ones are more to blame for making healthcare networks more vulnerable to cyberattack.

The classic narrative of insecure IoT centers on the integration of older devices into the network. In some industries, those devices pre-date the internet, sometimes by a considerable length of time, so it’s hardly surprising that businesses face a lot of challenges in securing them against remote compromise.

Even if those devices aren’t quite that old, they often lack key capabilities – in particular, remote software updates and configurable password protection – that would help IT staff defend them against modern threats.

That might not be strictly true in regards to the medical field, according to Richard Staynings, chief security strategist for medical IoT security startup Cylera. There has, he argues, been an explosion in the number and variety of medical IoT devices in recent years, and many of those gadgets are at least as insecure as the true legacy equipment in the field.

In some cases, said Staynings, the older devices might actually be considerably more secure than those of more recent vintage. In particular, those based on dated technology like older versions of electrically erasable programmable read-only memory (EEPROM).

To continue reading this article register now

IT Salary Survey: The results are in