Cybersecurity of Internet-Facing Devices: Healthcare’s Hidden Threat of Known Exploited Vulnerabilities

Internet-facing devices in healthcare come in three forms, each presenting unique risks:

1. Devices with Internet-Facing IP Addresses: These are publicly accessible via an IP address, such as DICOM servers or remote access tools like Citrix servers. They are often protected by firewalls or load balancers using Network Address Translation (NAT) to map public IPs to internal ones, shielding against threats like malformed packets or Denial of Service (DoS) attacks. However, unpatched vulnerabilities or misconfigurations can leave them exposed.

2. Devices with Internet Access: These reside on private networks but connect to the internet, including PCs, laptops, smartphones, Internet of Medical Things (IoMT) devices (e.g., smart pumps, monitors), and operational technologies like building automation systems. They rely on software agents for device-level security and network controls like firewalls, Network Access Control (NAC) with Access Control Lists (ACLs), and proxies to inspect traffic and block malicious sites.

3. Devices with Remote Access Applications: A subset of devices with internet access, these run applications (e.g., TeamViewer, AnyDesk) that allow remote connections without public IPs. Often used by vendors for maintenance, these tools can bypass firewall rules if unmanaged, creating backdoors for attackers.

The U.S. government, through the HHS Landscape Analysis, has identified internet-facing devices with KEVs as one of the top three cyberattack vectors in healthcare. Most hospitals face unnecessary exposure due to a lack of visibility into their devices—whether publicly accessible, internet-connected, or running remote access applications—and their communications. The 2024 Verizon DBIR confirms that system intrusions, often initiated through these devices, now outpace phishing as the leading cause of breaches. Solutions like Claroty xDome empower healthcare organizations to overcome this challenge through Exposure Management, providing the tools to identify, prioritize, and mitigate risks across all internet-facing devices. By closing these digital front doors, hospitals can protect patient data, ensure operational continuity, and safeguard the trust at the heart of healthcare.