Alarming Vulnerabilities in Medical Device Purchases: A 12-Year Analysis Across 36 Countries
Researchers from the University of Rome Tor Vergata performed extensive analysis across over 36 countries within a 12-year range, searching 92 million public administration purchase records for potentially vulnerable medical devices. The findings reveal a concerning landscape wherein numerous medical devices purchased by national health services possessed or still possess 661 distinct vulnerabilities—more than half of which are deemed critical or high-severity.
From the analysis, the team found 14,478 purchases which could be attributed to 202 different types of medical devices bought by 1241 health facilities and having 150 different known vulnerabilities.
The graph below shows the geographical (a) and temporal (b) distribution of the analyzed data. Statistics of the time between the purchase of a MD and the release of a CVE (Exposure times) (c).