Connected medical devices are twice as likely to be hackers who exploit the BlueKeep error, compared to other devices in hospital networks. Consequently, patients and staff are at greater risk of cyberattacks, especially given that healthcare is already a particularly popular target for “hacking ” attacks. BlueKeep is an error that was detected in its Remote Desktop Protocol (RDP) service Microsoft in 2019 and affect them Windows 7, Windows Server 2008 R2 and Windows Server 2008.
Microsoft has released a patch for the BlueKeep error, and security authorities, including the US National Security Service (NSA) and the UK National Security Center (NCSC), have issued emergency warnings about fixing vulnerable systems.
There were concerns that the BlueKeep error could develop as a "worm", just as it did with EternalBlue. This cyberattack has affected organizations around the world, with the UK's national health service being one of the main victims. However, despite warnings of a possible recurrence of such a cyberattack, a significant number of standardized Windows systems as well as medical devices running Windows are still vulnerable to BlueKeep attacks.
According to CyberMDX, over 20% of all Windows devices in a typical hospital are exposed to BlueKeep because they have not received the necessary patches. Especially when it comes to connected medical devices running Windows, their number is increased to 45%.
Devices connected to hospital networks can include radiology equipment, monitors, X-ray and ultrasound devices, anesthesia machines, and more. If these devices are not repaired, it is likely that the destructive cyberattacks that are looking for machines that are vulnerable to BlueKeep could endanger hospital networks and patients. Indicatively, in 2019, at least 10 hospitals were forced to remove patients because of cyberattacks. However, repair is a particular challenge for hospitals, because in many cases devices must continue to operate to provide care to patients and cannot be switched off to implement an update and repair. Also, hospital networks are so large that it is easy for the IT department to lose assets, which could result in devices losing patches.
One of the major problems for hospitals is that many devices are outdated: Windows 7, for example, is vulnerable to BlueKeep and is no longer supported by Microsoft, but is still used in hospital networks. Any further errors found in Windows 7 as well as other unsupported operating systems are not guaranteed security updates. Thus, the devices must be separated from the rest of the network or excluded from the external internet where possible.
Finally, BlueKeep and other bugs are basically victims of networks that have not been updated with patches to protect against any cyberattacks. Therefore, the equipment and reinforcement of these patch systems is a good prevention against cyberattacks.