Think Outside the Server: Copiers and Medical Equipment May be at Risk

In my experience working in IT, I have seen many organizations who leave peripheral devices on the network with internet access and they leave the passwords at the default settings. The servers and workstations are secured. Network switches, wireless access points, and routers are locked down as well. For some reason, people do not see printers, scanners, and copiers as a threat. The devices can be compromised and used to gather information. Some copiers and scanners can and do save local copies of papers that were copied or scanned. Also, many copiers also hold a username and password for network shares that can be used to access folders and files on your network.This same principle also applies to medical devices in hospitals. The difference is that X-ray and Ultrasound equipment may hold private patient information in them. They also connect to network shares and may have saved credentials.Every device on your network must have the default password reset and if possible, change the name of the Admin account. Put your devices on a VLAN that does not have internet access. Be aware that attacks against network devices and medical equipment are real and it does happen. If it connects to your network it must be secured. Below are some links that help to explain the risks.

---

https://www.nbcnews.com/business/consumer/exclusive-millions-printers-open-devastating-hack-attack-researchers-say-f118851http://www.cnbc.com/2016/10/15/as-cyberthreats-multiply-hackers-now-target-medical-devices.html