Secure Cybersecurity Software: Risks and Solutions for HTM
https://24x7mag.com/medical-equipment/software/cybersecurity-software/
24x7 Magazine offers in-depth coverage and the latest news in Healthcare Technology Management, serving as the premier resource for HTM professionals seeking industry insights and updates.
Mon, 02 Jun 2025 20:47:05 +0000

Most Hospitals Unprepared for AI-Driven Physical Security Threats, Survey Finds
https://24x7mag.com/medical-equipment/software/cybersecurity-software/most-hospitals-unprepared-ai-driven-physical-security-threats-survey-finds/
Tue, 03 Jun 2025 11:00:00 +0000

Despite high confidence in digital defenses, few healthcare organizations have assessed the physical risks posed by generative AI tools.

As artificial intelligence rapidly transforms the cyber threat landscape in healthcare, new data from Black Book Research reveals a critical and overlooked vulnerability: the physical security of hospitals, clinics, and payer organizations. 

While 93% of surveyed cybersecurity leaders say their digital defenses are strong, fewer than one in five have any strategic plan to address the rise of AI-enabled physical security threats.

Based on Q2 2025 polling of 1,128 provider and payer cybersecurity decision-makers worldwide, Black Book’s findings point to a dangerous disconnect. Healthcare organizations are investing heavily in digital firewalls, endpoint protection, and ransomware defense, yet they remain largely blind to a new class of threats powered by generative AI—threats that can mimic clinician voices, manipulate surveillance footage, bypass building access systems, and compromise smart infrastructure.

“AI is no longer just a digital threat; it is a physical one,” says Doug Brown, founder of Black Book Research, in a release. “We are now seeing threat actors use generative AI to impersonate clinicians, defeat voice authentication, bypass smart locks, and manipulate surveillance systems. These are no longer hypothetical scenarios. Attackers are walking through the front doors of hospitals using tools that outpace the slow churn of healthcare policy, procurement, and security oversight. Any health system that still separates physical and cyber risk is operating on outdated assumptions.”

Respondents described a widening gap between cyber risk awareness and operational readiness. Despite growing headlines about AI-generated phishing, deepfake impersonations, and drone surveillance, the healthcare sector has not meaningfully upgraded its physical security posture in parallel with its digital investments.

Key findings from the Black Book Q2 2025 poll:

  • 93% of cybersecurity leaders say their digital protections are adequate, but only 18% report having any strategy to mitigate AI-driven physical threats.
  • 71% of hospital executives acknowledge their facility’s physical security systems are unprepared for manipulations such as deepfake badge credentials or sensor spoofing.
  • 67% of payer organizations with physical office sites or hybrid call centers were unaware that AI voice cloning could defeat IVR authentication or front-desk verification processes.
  • 82% of all respondents reported they had not conducted a cyber-physical risk audit in the past 12 months.

Vendors Recognized for Addressing AI-Driven Cyber-Physical Threats

Survey respondents identified several vendors as having strong capabilities in detecting and mitigating emerging AI-driven threats that cross digital and physical domains. These platforms are used across hospitals, health systems, and payer networks and include tools based on machine learning, behavioral analytics, and autonomous threat detection.

  • Armis offers agentless visibility and AI-based monitoring for connected medical devices and operational technologies.
  • Bishop Fox provides red teaming services used to expose vulnerabilities in surveillance, badge access systems, and connected care infrastructure.
  • Claroty (Medigate) protects IoMT and clinical systems through machine learning that detects manipulation of connected devices and smart facility components.
  • Cisco Secure supports Zero Trust architectures and includes AI-powered analytics to monitor digital and physical access behaviors in hybrid clinical environments.
  • CrowdStrike offers agent-based AI for detecting behavioral anomalies and sophisticated threat campaigns across clinical endpoints.
  • Cynerio secures medical IoT systems by baselining device behavior and flagging manipulation or ransomware infections.
  • Darktrace uses self-learning AI to detect impersonation, badge cloning, and network manipulation across thousands of healthcare organizations.
  • IBM Security offers platforms that correlate digital and physical access data while automating threat response.
  • Okta provides identity and access management with adaptive AI to prevent credential theft and synthetic access.
  • Ordr enforces security policies for medical and building systems, isolating unauthorized device activity.
  • Palo Alto Networks uses AI-powered platforms to enforce segmentation and detect polymorphic malware.
  • SentinelOne delivers autonomous endpoint protection against AI-crafted exploits and real-time threat behaviors.
  • Vectra AI flags privilege escalation and behavioral deviations common in AI-generated attacks.

These solutions reflect a growing shift toward integrated cyber-physical risk management, as AI-generated threats increasingly evade traditional rules-based defenses.

What Makes a Tool ‘AI Threat-Ready’ in Healthcare?

According to Black Book, effective tools must detect synthetic behaviors rather than just known malware signatures, identify identity misuse such as voice or video impersonation, monitor IoMT and operational environments, and support red teaming or simulation of AI threats to proactively assess system vulnerabilities.

Cybersecurity Lessons for HTM Around Zero Trust and AI for Government
https://24x7mag.com/medical-equipment/software/cybersecurity-software/cybersecurity-lessons-htm-zero-trust-ai-government/
Thu, 15 May 2025 14:47:42 +0000

While Zero Trust frameworks with AI-driven threat detection are gaining traction among federal agencies, they also offer valuable lessons for HTM.

By Dan Coleman, general manager, federal civilian at Microsoft

With cyber threats escalating in both frequency and sophistication, the urgency for federal agencies to modernize their cybersecurity strategies has never been greater.

Traditional perimeter-based defenses are no longer sufficient to counter today’s evolving threat landscape. To better protect critical systems and sensitive data, agencies are increasingly adopting Zero Trust frameworks, augmented by artificial intelligence (AI)-driven threat detection, to create more adaptive, resilient security infrastructures.

This shift reflects a larger trend across the public sector: moving from static, siloed security models to proactive, intelligence-driven systems capable of real-time risk mitigation. These advances support not only threat prevention but also improve compliance with evolving federal cybersecurity mandates.

While these cybersecurity strategies are gaining traction among federal agencies, they also offer valuable lessons for HTM professionals managing medical device networks and hospital IT systems.

Why Zero Trust Now?

Zero Trust is based on a fundamental shift in philosophy: Assume no user or system is inherently trustworthy. Instead, access is granted based on continuous verification of identity, device health, and context. This approach helps reduce attack surfaces and mitigates the risk of insider threats, credential misuse, and lateral movement by malicious actors.

By implementing Zero Trust principles across identity management, network activity, and device access, federal agencies can better safeguard against both known and emerging threats. These practices significantly reduce vulnerabilities and enhance agencies’ ability to enforce consistent security policies.

AI’s Role in Real-Time Threat Detection

The integration of AI into cybersecurity operations allows agencies to analyze large volumes of telemetry data and act on threats as they arise. AI-powered analytics can detect suspicious behavior, correlate signals across platforms, and prioritize critical risks—often faster and more accurately than manual processes.

Proactive threat detection not only enhances protection but also enables automated response and remediation. This reduces incident response times and limits potential damage from breaches. AI can also support regular audits by identifying vulnerabilities and confirming adherence to evolving federal security standards.

Moving from Fragmentation to Integration

Many agencies continue to manage cybersecurity through a patchwork of siloed point solutions, each with its own interfaces, alerts, and limitations. This fragmentation leads to operational inefficiencies, higher costs, and security gaps. By consolidating vendors and adopting integrated platforms, agencies can streamline operations, gain unified visibility, and reduce complexity.

Vendor consolidation also provides financial benefits, with studies showing potential savings of up to 60 percent on security budgets. More importantly, it enables agencies to respond faster and more effectively across all layers of their IT environments, whether on-prem, cloud, or hybrid.

Addressing Technical Debt and Shadow IT

Decades of incremental technology deployment have left many federal agencies burdened with outdated systems and unmanaged shadow IT. These environments are difficult to secure and often incompatible with modern cybersecurity practices. Transitioning to scalable, security-first frameworks helps agencies address this technical debt and align their security posture with contemporary threats.

Zero Trust and AI-powered security systems offer the ability to modernize without disrupting essential services. They support continuous improvement, automation, and centralized policy enforcement, which are core attributes of a forward-looking federal cybersecurity strategy.

Practical Steps to Modernization

To advance cybersecurity modernization, federal agencies should consider these best practices:

  • Adopt a Zero Trust Framework: Implement continuous verification of user identities, device status, and network activity. Access should be granted based on dynamic risk assessments, reducing exposure to both external and internal threats.
  • Leverage AI-Driven Threat Detection: Deploy advanced analytics to process real-time telemetry data and identify potential threats. Automation accelerates detection, triage, and response, minimizing operational disruptions.
  • Consolidate Security Vendors: Streamline fragmented systems by replacing them with integrated platforms that provide end-to-end visibility and consistent policy enforcement across all environments.
  • Integrate Holistic Security Solutions: Unified systems consolidate threat intelligence and enable data-driven workflows. This reduces alert fatigue, improves incident response, and strengthens overall resilience.
  • Foster Public-Private Collaboration: Partner with technology providers who offer scalable platforms aligned with federal security requirements. These collaborations ensure access to cutting-edge tools, regular updates, and industry best practices.

Looking Ahead

Federal cybersecurity is no longer just about protection. It’s about adaptability, efficiency, and trust. In an environment where cyber risks are constantly evolving, integrated and intelligent security architectures provide agencies with the visibility and speed needed to stay ahead.

By implementing Zero Trust principles, embracing AI, and consolidating fragmented systems, agencies can reduce risk, modernize operations, and ensure the security of essential services, while building a more secure digital future for the public they serve.

About the Author: As general manager, federal civilian at Microsoft, Dan Coleman is responsible for the strategic positioning and successful delivery of cloud and enterprise services to Microsoft’s public sector customers.

Healthcare Cybersecurity Solution Wins 2025 Breakthrough Award
https://24x7mag.com/medical-equipment/software/cybersecurity-software/healthcare-cybersecurity-solution-wins-2025-breakthrough-award/
Fri, 09 May 2025 18:40:51 +0000

Named ‘Best Overall Healthcare Cybersecurity Solution,’ the platform leverages advanced threat detection and multi-layered defense to protect healthcare networks.

Telcion Communications Group, a provider of IT solutions and managed services tailored to healthcare, has been named the winner of the “Best Overall Healthcare Cybersecurity Solution” award in the 9th annual MedTech Breakthrough Awards. 

The independent market intelligence organization, MedTech Breakthrough, presents these awards recognizing the top companies, technologies, and products in the global digital health and medical technology market.

Telcion describes its healthcare network security solutions as a safeguard for “the critical IT infrastructure of healthcare organizations by combining advanced technologies, proactive monitoring, and industry-specific expertise to deliver secure, scalable, and efficient protection.”

Telcion leverages tools like Cisco Security and Managed SOC, and SIEM solutions to provide end-to-end visibility, threat detection, and incident response. These technologies are designed to work together to identify and neutralize threats before they impact operations.

According to the company, security assessments are a key part of its solution. Each engagement begins with an evaluation of an organization’s current security posture, policies, and controls. Using advanced analytics and cybersecurity expertise, Telcion identifies vulnerabilities and gaps, then creates a roadmap to mitigate risks. This approach aims to ensure protection meets the unique needs of each organization, from single-site clinics to large multi-hospital systems.

“We are a trusted partner for healthcare organizations seeking reliable, scalable network security. Whether addressing routine vulnerabilities or mitigating sophisticated cyberattacks, our solutions ensure that healthcare networks remain secure, resilient, and optimized for care delivery,” says Lance Reid, co-founder and CEO of Telcion Communications Group, in a release. “It’s an honor to receive the ‘Best Overall Healthcare Cybersecurity Solution’ award from MedTech Breakthrough. We remain committed to enabling secure, seamless care delivery while continually enhancing the adaptability and effectiveness of our solutions.”

MedTech Breakthrough Awards

The MedTech Breakthrough Awards program celebrates excellence and innovation in the health and medical technology industry, recognizing the companies, products, and solutions driving meaningful progress and improving patient care. The awards span a range of categories, including telehealth, clinical administration, patient engagement, electronic health records, virtual care, medical devices, medical data and privacy, and beyond.

This year’s program saw a record number of nominations from leading companies and startups across more than 18 countries.

“Healthcare organizations are navigating an increasingly relentless landscape with cybersecurity threats changing by the minute. Protecting networks and sensitive patient data from security breaches is both costly and complex,” says Steve Johansson, managing director, MedTech Breakthrough, in a release. “Telcion’s healthcare network security solutions are a model of innovation and effectiveness in these sensitive and complex environments. Their use of advanced tools and methodologies, combined with proactive monitoring and expert support, empowers healthcare organizations to focus on patient care, knowing their data and systems are safeguarded against cyber threats.”

Telcion also supports care delivery models, including telemedicine. Healthcare providers can expand access to care while maintaining compliance with data privacy regulations, such as HIPAA. 

New Cybersecurity Services Target Growing Threats to Medical Devices
https://24x7mag.com/medical-equipment/software/cybersecurity-software/new-cybersecurity-services-target-growing-threats-medical-devices/
Tue, 15 Apr 2025 20:10:16 +0000

In response to escalating cyber threats, a new suite of services aims to protect medical devices and digital health systems.

Full Spectrum, a product development and engineering services company specializing in the medical device, digital health, and life science industries, has unveiled a new suite of cybersecurity services.

With cybersecurity continuing to escalate in importance, the services aim to address the critical need companies have for ensuring privacy, safety, and reliability in a world that is becoming more and more interconnected.

A report by the FBI found that over half of connected medical devices in hospitals had known critical vulnerabilities, and 40% of devices at the end-of-life stage had little or no security patches. Additional research identified close to 1,000 security vulnerabilities across 966 tested medical devices in 2023—a 59% year-over-year increase from 2022. As security risks continue to surge, it’s essential that health technology organizations prioritize cybersecurity to safeguard against breaches and protect consumers’ and patients’ welfare.

New Cybersecurity Services

Full Spectrum’s suite of cybersecurity services includes:

  • Cybersecurity portfolio risk analysis
  • Cybersecurity process and tools assessment and remediation
  • Product cybersecurity assessment and remediation
  • Software bill of materials and system vulnerability assessment and monitoring
  • Cybersecurity architecture

“Trust in medical devices, health information systems, medical mobile applications, and robotic systems is based on the expectation of stringent cybersecurity. As medical technologies are increasingly connected, this only continues to grow in importance,” says Adam Hesse, CEO of Full Spectrum, in a release. “We have the deep knowledge and experience to offer customized cybersecurity solutions that protect organizations’—and patients’ and consumers’—sensitive data, secure devices, and guarantee adherence to changing regulatory standards to ensure compliance.”

Forescout’s IoMT Security Solution Wins 2025 Cybersecurity Award
https://24x7mag.com/medical-equipment/software/cybersecurity-software/forescouts-iomt-security-solution-wins-2025-cybersecurity-award/
Thu, 27 Mar 2025 19:46:40 +0000

The award recognizes the company’s unified platform to secure healthcare networks.

Forescout Technologies Inc, specializing in cybersecurity, received recognition from the 2025 Cybersecurity Excellence Awards for its Internet of Medical Things (IoMT) security solution. The award highlights the company’s role in addressing cybersecurity challenges in healthcare by improving visibility and control across connected device environments.

The recognition follows Forescout’s recent 2025 Global Medical Device Security Product Leadership Award from Frost & Sullivan and Forescout Vedere Labs’ expanded threat intelligence sharing, now including the Health Information Sharing and Analysis Center. 

Forescout’s technology is used by more than 200 healthcare organizations managing 400,000-plus hospital beds globally to help secure networks and connected medical devices. St. Luke’s University Health Network, for example, leverages Forescout’s platform for asset intelligence to ensure network assets remain compliant, secure, or quarantined. Forescout data also enhances St. Luke’s Microsoft Defender and Azure operation. 

“With more medical devices connected to the Internet, healthcare has been left more exposed than ever—putting operations, patient data, and even lives at risk,” says Barry Mainz, CEO of Forescout, in a release. “We help organizations secure every device with visibility, automation, and control, so they can stay online and focused on patient care. This award reinforces our commitment to protecting them and advancing our technology capabilities to address the unique risks in healthcare.”

Cybersecurity Excellence Awards

The Cybersecurity Excellence Awards recognize organizations, products, and professionals who demonstrate leadership, innovation, and excellence within information security. 

“We congratulate Forescout on its well-deserved recognition in the IoMT category of the 2025 Cybersecurity Excellence Awards,” says Holger Schulze, founder of Cybersecurity Insiders and organizer of the awards, in a release. “As we celebrate a decade of cybersecurity excellence, Forescout’s relentless innovation and leadership continue to raise the bar, driving the industry forward and setting new standards in securing critical healthcare technology.”

Ordr Streamlines AI Protect Platform Amid Growing Asset Risks
https://24x7mag.com/medical-equipment/software/cybersecurity-software/ordr-streamlines-ai-protect-platform-growing-asset-risks/
Wed, 12 Mar 2025 18:58:23 +0000

The update introduces streamlined product offerings designed to support asset visibility, risk prioritization, and security enforcement.

Ordr, a company specializing in AI-powered asset risk and exposure management, announced updates to its Ordr AI Protect platform, introducing streamlined offerings designed to improve asset visibility, risk prioritization, and security enforcement for healthcare, industrial, and enterprise organizations.

At the same time, Ordr co-founder and chief product officer Pandian Gnanaprakasam is returning as CEO to lead the company into its next phase of growth. Ordr is introducing a refreshed brand identity rooted in its mission to “Bring ORDR to Chaos,” according to a release from the company. The new identity aims to highlight the platform’s dual capabilities: extracting exposure insights from hard-to-track, high-risk assets while providing automated, scalable protection for mission-critical devices.

“The rapid growth of unmanaged and agentless assets is creating significant visibility gaps, exposure risks, and operational challenges,” says Gnanaprakasam in a release. “With our early AI investments and recent advancements in LLMs, we now offer a simplified and cost-effective platform that minimizes operational complexity and seamlessly transitions organizations from asset intelligence to automated enforcement, delivering the speed, precision, and automation needed to protect what matters most.”

A Unified Approach to Modern Security Challenges 

Ordr’s evolved product offerings aim to provide a clear path for organizations to achieve proactive security through AI-driven asset intelligence and automated actions.

  • Ordr AI Protect for Security – Designed for quick-time-to-value asset intelligence and risk remediation, the “security” offering takes advantage of Ordr’s suite of risk assessment capabilities to eliminate blind spots, prioritize vulnerabilities, and reduce security gaps. By integrating with over 200 IT and security tools, packet decoding, and proprietary AI-driven classification and workflows, Ordr AI Protect for Security aims to deliver lifecycle security across IT, IoT, OT, and IoMT assets.
  • Ordr AI Protect for Segmentation – Built on the capabilities of Ordr AI Protect for Security, the “segmentation” offering provides real-time and automated threat detection and response and micro-segmentation policy creation and enforcement. Ordr AI Protect for Segmentation is designed to enable organizations to rapidly isolate threats that are difficult to remediate and safeguard vulnerable legacy assets.

The evolution of Ordr’s platform, according to the company, provides organizations with: 

  • Instant, Comprehensive Risk Insights – Many security tools require complex deployments before delivering value. Ordr provides full-spectrum asset intelligence by combining API-based and proprietary discovery methods with packet-decoding capabilities as needed, enabling organizations to immediately identify risks and exposure gaps.
  • AI-Powered Risk Analysis and Response – IT and security teams need more than raw data; they need a streamlined and intelligent way to manage risk. Ordr’s modern platform centralizes asset monitoring, risk prioritization, and automated remediation workflows in a single AI-driven experience, helping teams focus on high-impact security actions instead of drowning in alerts.
  • Effortless Protection for High-Value Assets – Enforcing Zero Trust shouldn’t be a manual burden. Ordr aims to simplify threat response and segmentation with AI-powered automation, dynamically isolating threats, containing lateral movement, and ensuring critical assets remain protected without disrupting business operations.

“Throughout my career, I’ve seen firsthand how organizations struggle to balance security with operational efficiency,” says Wes Wright, chief healthcare officer at Ordr, in a release. “This platform evolution directly addresses that challenge by bringing both rapid time-to-value and deep scalable security automation to industries where risk is growing fastest.”

Ordr showcased its evolved platform and brand transformation at HIMSS 2025.

“Ordr’s AI-driven platform evolution and brand transformation mark a pivotal moment for the company,” says René Bonvanie, executive chairman of the board at Ordr, in a release. “As organizations navigate unprecedented asset risks, ORDR delivers the AI-driven intelligence and automation needed to stay ahead. With Pandian returning as CEO, his deep product vision and leadership will drive innovation, align the GTM with core strengths, and empower customers to safeguard their most critical assets.”

New IoT Patching Solution Automates Updates to Secure Devices and Equipment
https://24x7mag.com/medical-equipment/software/cybersecurity-software/new-iot-patching-solution-automates-updates-secure-devices-equipment/
Tue, 04 Mar 2025 13:49:10 +0000

The solution aims to solve a persistent challenge in IoT device management: the time-consuming and resource-intensive process of updating firmware across multiple device types and manufacturers.

Asimily, a provider of IoT, OT, and IoMT risk management solutions, announced the launch of its IoT Patching solution, enabling customers to automate, standardize, and streamline firmware updates across their connected device ecosystems. 

The new capability reduces security risks by simplifying the otherwise complex process of keeping heterogeneous IoT device fleets continually updated with the latest security patches.

Asimily’s IoT Patching aims to solve a critical and persistent challenge in IoT device management: the time-consuming and resource-intensive process of updating firmware across multiple device types and manufacturers. Cyberattacks are increasingly targeting IoT devices, with some of the world’s largest IoT botnets launching attacks measured in terabits per second. Asimily’s research shows that IoT devices receive firmware updates every five months on average, creating an extended window of vulnerability.

“The exponential growth of IoT devices—which we’re seeing across industries—has put tremendous pressure on security and IT teams to keep pace,” says Shankar Somasundaram, CEO of Asimily, in a release. “They have to sort through myriad firmware versions, understand different mechanisms to update devices, and go through as many vendor portals as they have device models—all while racing against attackers who are looking to exploit vulnerabilities. 

“We’ve seen organizations taking weeks or months to deploy critical patches (or, in fact, never deploy patches) across their IoT fleets. Our new IoT Patching solution changes the game. What once required multiple teams, many hours, and complex coordination can now be accomplished with a couple of clicks.”

The solution’s automated capabilities enable customers to reduce vulnerability windows and avoid complex technical hurdles. Through streamlined firmware updates, organizations can protect their IoT devices more efficiently without compromising operational continuity. This is particularly crucial for healthcare, manufacturing, and other industries where IoT devices and internet-connected equipment play mission-critical roles.

Features of the IoT Patching Solution

Key features of Asimily’s IoT Patching solution include:

  • Patch deployment automation: Regularly checking manufacturer repositories for new firmware releases, with notification to customers whenever new updates become available.
  • Status monitoring dashboard: Detailed tracking and real-time reporting are available through the IoT Patching audit interface.
  • Deployment flexibility: Support for on-demand updates of individual devices, bulk updates, and scheduled automated patching is designed to minimize or eliminate operational disruption.
  • Broad device coverage: Compatibility across a range of connected devices from major manufacturers including Axis Communications, Cisco, HP Enterprise, Zebra, and others, covering IP cameras, printers, network applications, and more. Additional manufacturers and devices are being added regularly.

The IoT Patching solution is designed to standardize the update process across different manufacturers while handling complex requirements like cluster failover states. It fully integrates with Asimily’s risk management platform, which provides end-to-end IoT device security through inventory management, vulnerability detection, and threat response capabilities. 


Summary:

A new IoT patching solution has been launched to automate and streamline firmware updates across a range of connected devices and equipment, addressing a long-standing cybersecurity challenge. The tool is designed to reduce the time-consuming and resource-intensive process of manually updating firmware across multiple device types and manufacturers, helping organizations close vulnerability gaps more efficiently. With automated patch deployment, real-time monitoring, and broad device compatibility, the solution aims to enhance cybersecurity in industries such as healthcare, manufacturing, and critical infrastructure where IoT security is essential.

Key Takeaways:

  • Automated Patching Reduces Cybersecurity Risks – The tool automates firmware updates, minimizing the time IoT devices remain vulnerable to attacks.
  • Designed for Diverse IoT Ecosystems – The solution supports multiple manufacturers and device types, addressing the complexity of managing updates across large, heterogeneous IoT fleets.
  • Critical for Healthcare and Other Industries – IoT security remains a pressing concern in industries where connected equipment plays a key role, making automated patching an important step in reducing risk.

Partnership Aims to Protect Blood Centers’ Equipment from Cyber Threats
https://24x7mag.com/medical-equipment/software/cybersecurity-software/partnership-aims-protect-blood-centers-equipment-cyber-threats/
Thu, 27 Feb 2025 15:23:21 +0000

The partnership will accelerate and streamline IoT device and equipment security at blood centers across the country.

Asimily, an innovator in Internet of Things (IoT), operational technology, and Internet of Medical Things risk management, announced a partnership with Blood Centers of America, whose sixty-plus member and affiliate organizations are responsible for over 50% of the US blood supply.

This partnership makes Asimily’s lab, medical device, and IoT security and risk management platform directly available to all Blood Centers of America members, enabling blood centers to protect their connected equipment and sensitive data.

The partnership aims to protect the various connected devices in the blood bank ecosystem, from collections through testing and ultimately distribution.

“The security of our members’ operations directly impacts the safety and availability of America’s blood supply,” says Sam Keith, senior vice president of Blood Centers of America, in a release. “By partnering with Asimily, we’re ensuring our nationwide member organizations have the industry-leading solution to secure their lab, medical, and IoT devices and to protect their critical equipment and sensitive data.”

Device and Equipment Monitoring

Asimily’s platform combines device visibility, vulnerability management, continuous threat monitoring, and streamlined remediation workflows that are optimized for healthcare and life sciences environments like blood centers. The company has experience securing organizations’ critical healthcare operations, with customers including MemorialCare and Methodist Le Bonheur Healthcare. Asimily is also the top-ranked medical device security solution by Gartner Peer Review Insights.

“Recent security breaches continue to underscore how attractive healthcare and life sciences targets are for cybercriminals—unfortunately, blood centers have been part of that story,” says Mike McDermott, vice president of Asimily, in a release. “Particularly with FDA guidance becoming more specific and urgent for blood centers, Asimily’s technology ensures that all devices and equipment can be monitored for the most current and serious vulnerabilities and threats. With Asimily, blood centers can confidently scale IoT assets with the visibility and continuous monitoring required to protect data thoroughly and efficiently.”

The Asimily platform enables Blood Centers of America members to:

  • Monitor all connected devices, including critical blood testing and processing equipment
  • Reduce their threat surface by mitigating exploitable vulnerabilities
  • Detect and respond to threats before they impact blood center operations
  • Automate security operations with healthcare-optimized workflows
  • Meet stringent compliance requirements and follow FDA guidance
  • Safeguard sensitive patient data and intellectual property

Summary:

Asimily has partnered with Blood Centers of America (BCA) to provide its IoT and medical device security platform to BCA’s network, which is responsible for over 50% of the U.S. blood supply. The collaboration aims to enhance cybersecurity, protect critical equipment, and ensure regulatory compliance across blood collection, testing, and distribution processes. Asimily’s platform offers device monitoring, vulnerability management, and automated security workflows, supporting BCA members in safeguarding their operations.

Key Takeaways:

  1. Partnership Expands IoT Security in Blood Centers – Asimily’s platform is now available to BCA members, providing tools to secure connected lab and medical devices.
  2. Supporting Regulatory Compliance – The collaboration helps blood centers align with evolving FDA cybersecurity guidance for medical and lab equipment.
  3. Enhancing Operational Resilience – Asimily’s technology offers real-time monitoring and threat detection, helping blood centers mitigate risks and maintain secure operations.

CISA, FBI Urge Action on Buffer Overflow Threats in New Security Alert
https://24x7mag.com/medical-equipment/software/cybersecurity-software/cisa-fbi-urge-action-buffer-overflow-threats-new-security-alert/
Wed, 12 Feb 2025 17:47:00 +0000

A new alert from CISA and the FBI highlights the risks of buffer overflow vulnerabilities and urges software customers to demand secure products from manufacturers.

Summary:

CISA and the FBI have issued a new Secure by Design Alert warning about the risks of buffer overflow vulnerabilities. These vulnerabilities, which can lead to data corruption, unauthorized code execution, and network compromise, are frequently exploited by cyber actors. The alert provides best practices for eliminating these risks, urging software manufacturers to adopt memory-safe programming languages and secure development practices. Additionally, CISA and the FBI call on software customers to demand secure products from manufacturers to drive industry-wide improvements in cybersecurity.

Key Takeaways:

  1. Buffer Overflow Risks – Buffer overflow vulnerabilities remain a major security risk, the agencies note, often exploited by threat actors to gain access to networks and execute malicious code.
  2. Secure by Design Approach – CISA and the FBI recommend eliminating these vulnerabilities by using memory-safe programming languages and secure development practices.
  3. Call for Industry Action – Both software manufacturers and customers are urged to prioritize security, with customers encouraged to demand products that incorporate built-in protections.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series, an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle.

“Eliminating Buffer Overflow Vulnerabilities” describes proven techniques to prevent or mitigate buffer overflow vulnerabilities through secure by design principles and best practices.

Buffer overflow vulnerabilities are a prevalent type of memory safety defect in software design that can lead to system compromise. These vulnerabilities can lead to data corruption, sensitive data exposure, program crashes, and unauthorized code execution. Threat actors frequently exploit these vulnerabilities to gain initial access to an organization’s network and then move laterally to the wider network.

CISA and FBI urge manufacturers to review the alert and, where feasible, eliminate this class of defect by developing new software using memory-safe languages, using secure by design methods, and implementing the best practices supplied in this alert. 

CISA and FBI also urge software customers to demand secure products from manufacturers that include these preventions. 

CISA’s Secure by Design Pledge page provides more information on its voluntary pledge, which focuses on enterprise software products and services—including on-premises software, cloud services, and software as a service.

Thousands of OT Devices Contain Ransomware-Linked Vulnerabilities
https://24x7mag.com/medical-equipment/software/cybersecurity-software/thousands-of-ot-devices-contain-ransomware-linked-vulnerabilities/
Fri, 07 Feb 2025 21:17:21 +0000

Claroty’s newly released “State of CPS Security 2025: OT Exposures” reveals the operational technology device exposures most coveted for exploitation by adversaries.

Summary:

A new report from Claroty reveals that over 111,000 operational technology (OT) devices across critical sectors, including manufacturing, logistics, and natural resources, contain known exploitable vulnerabilities. Based on an analysis of nearly 1 million OT devices, the report highlights that 68% of these vulnerabilities are linked to ransomware groups. The findings emphasize the growing security risks posed by state-sponsored threat actors, as 12% of organizations analyzed had OT assets communicating with malicious domains from countries like China, Russia, and Iran. The report underscores the need for organizations to shift from traditional vulnerability management to an exposure management approach to proactively reduce risk.

Key Takeaways:

  • Widespread OT Vulnerabilities and Ransomware Links – Of the 111,000 known exploitable vulnerabilities in OT devices, 68% are linked to ransomware groups, posing significant risks to critical industries.
  • Internet-Exposed OT Assets Increase Threat Risks – 40% of organizations analyzed had a subset of vulnerable OT assets insecurely connected to the internet, further escalating the potential for cyberattacks.
  • State-Sponsored Threats Target Critical Sectors – 12% of organizations had OT assets communicating with malicious domains linked to state actors from China, Russia, and Iran, highlighting the rising risks from nation-state threats.

Claroty, a cyber-physical systems (CPS) protection company, released a new report revealing the exposures in operational technology (OT) devices that are most coveted for exploitation by adversaries.

Based on an analysis of almost 1 million OT devices, the “State of CPS Security 2025: OT Exposures” report found over 111,000 known exploitable vulnerabilities in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with more than two-thirds (68%) of the known exploitable vulnerabilities being linked to ransomware groups. The report uncovers the riskiest exposures for enterprises amid rising threats to critical sectors.

In the report, Claroty’s research group Team82 examines the challenges industrial organizations face when identifying which known exploitable vulnerabilities in OT devices to prioritize for remediation. It highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams proactively and efficiently minimize risk at scale. 

With offensive activity rising from state-sponsored threat actors, the report details the risk critical sectors face from OT assets communicating with malicious domains, including those from China, Russia, and Iran.

Key Findings:

  • Of the close to 1 million OT devices analyzed, Team82 found that 12% contain known exploitable vulnerabilities, and 40% of the organizations analyzed have a subset of these assets insecurely connected to the internet.
  • 7% of the devices are exposed with known exploitable vulnerabilities that have been linked to known ransomware samples and actors, with 31% of the organizations analyzed having these assets insecurely connected to the internet.
  • 12% of organizations in the research had OT assets communicating with malicious domains, demonstrating that the threat risk to these assets is not theoretical.
  • The manufacturing industry was found to have the highest number of devices with confirmed known exploitable vulnerabilities (over 96,000) with over two-thirds (68%) of them being linked to ransomware groups.

“The inherent nature of operational technology creates obstacles to securing these mission critical technologies,” says Grant Geyer, chief strategy officer at Claroty, in a release. “From embedding offensive capabilities in networks to targeting vulnerabilities in outdated systems, threat actors can take advantage of these exposures to create risks to availability and safety in the real world. As digital transformation continues to drive connectivity to OT assets, these challenges will only proliferate. There is a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy to ensure they can make remediation efforts as impactful as possible.”
