82% of healthcare providers that have implemented Internet-of-Things (IoT) devices have experienced a cyberattack on at least one of those devices over the course of the past 12 months.
The biggest threat from these IoT cyberattacks is the theft of patient data. The attacks also have the potential to compromise end-user safety through misconfiguration and to result in the loss of intellectual property, operational downtime, and damage to the organization’s reputation. Failure to effectively secure the devices could also result in a regulatory fine. The internet of medical things (IoMT) brings increased connectivity to all markets and industries, enabling a wide array of new services for customers and new business models for service providers. The question becomes: how do you secure these devices?
1. Develop a Common Operational Picture (COP).
The healthcare facility must identify and scope what is currently in its environment and categorize those assets based on priority and risk level. Without a common operational picture of its environment, the healthcare facility risks leaving vulnerabilities unpatched and assets unscanned, creating hundreds of threat vectors.
2. Establish responsibility for maintaining the security posture of the medical devices.
Many vendors are happy to sell to the medical community but don’t do what’s necessary to keep the device updated and patched. Too many medical devices are running on obsolete software. The healthcare facility has to take responsibility for ensuring that ongoing security maintenance and support are built into all acquisitions for the life of the device.
3. Have a plan on how you will be able to apply limited resources to manage the IoMT.
Try to incorporate security review/testing into your maintenance schedule, so that anytime you touch a device, you are doing all you can to make sure that it’s safe to operate in a clinical environment. It’s helpful to have a checklist of security checks for each device so that the Biomedical Technician can just go through the checklist and evaluate the security posture, along with the technical functionality of the device.
4. Control everything that connects into the network.
Managing network segmentation can assist with risk mitigation and with containing a breach if one does occur. Network visibility is critical. On the network itself, you can run sensors, virtual solutions, and physical devices that help you manage connections, packets, users, and much more. A well-planned and well-designed network architecture can save you time and money by maximizing network resources to monitor your inventory. It can also help you identify problems and correct them once they are found, limiting their impact.
5. Create security based on context and multiple layers.
When it comes to IoT and connected devices, contextual security can assist in isolating IoMT solutions on their own network. For example, for an IoMT network, the healthcare facility may want to set up additional thresholds and filters for extra security, such as shutting the network or network segment down if there’s a spike in traffic. This can help keep a DDoS from flooding other parts of the network and mitigate the spread of the attack. Additionally, most IoMT devices will generally communicate with the same things: monitoring stations, Electronic Health Record, Picture Archiving and Communications Systems, and others. By segmenting IoMT devices onto their own isolated network and limiting what the devices communicate with, network traffic can be better managed to prevent incidents from impacting clinical care.
6. Centralize and segment connected devices.
The site should segment devices using a zoned architecture approach, putting medical devices into one zone, printers/file servers into a different zone, etc. The site must monitor those devices properly and set up monitors to make sure it can manage all of these connected tools. The healthcare facility must always know what its devices have access to. Are they accessing PHI/PII? Do they store that data or is it all just transient? This will dictate the way you set up security policies for your connected devices.
7. Monitor user behavior and access control mechanisms.
The healthcare facility must ensure users have the correct permissions based on the principle of least privilege and role-based mechanisms. Once the facility has these roles and permissions defined correctly, the site should continuously monitor user activity, especially for heightened levels of privilege (e.g., administrator), to ensure there is a process in place to reduce the risk of an insider threat. Use firewalls and routers to establish whitelisting for medical devices so that they only send/receive data to and from established and known sources/destinations. This helps to reduce the attack surface of medical devices.
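The destination whitelisting described in item 7 and the traffic-spike threshold described in item 5 can be checked together against flow records from a network sensor. The following is an added example, not part of the original article; the zone names, addresses, baselines, and the 5x threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed allowlist: device zone -> destinations it may talk to (hypothetical values).
ALLOWED = {
    "infusion-pumps": {"monitoring": ip_network("10.20.1.0/28"),
                       "ehr": ip_network("10.30.0.10/32")},
    "imaging": {"pacs": ip_network("10.30.0.20/32"),
                "ehr": ip_network("10.30.0.10/32")},
}
# Assumed per-zone baseline (bytes per monitoring interval) and spike multiplier.
BASELINE_BYTES = {"infusion-pumps": 200_000, "imaging": 50_000_000}
SPIKE_FACTOR = 5

# Constructed flow records: (zone, device, destination IP, bytes in the interval).
FLOWS = [
    ("infusion-pumps", "pump-07", "10.20.1.5", 40_000),
    ("infusion-pumps", "pump-07", "10.30.0.10", 12_000),
    ("infusion-pumps", "pump-12", "203.0.113.44", 3_000),   # destination not on the allowlist
    ("imaging", "ct-01", "10.30.0.20", 30_000_000),
    ("infusion-pumps", "pump-03", "10.20.1.6", 1_500_000),  # pushes the zone past its threshold
]

def check_flows(flows, allowed=ALLOWED, baseline=BASELINE_BYTES, factor=SPIKE_FACTOR):
    """Return (violations, spiking_zones) for one monitoring interval."""
    violations = []
    totals = defaultdict(int)
    for zone, device, dst, nbytes in flows:
        totals[zone] += nbytes
        # A zone with no allowlist entry has no permitted destinations at all.
        nets = allowed.get(zone, {}).values()
        if not any(ip_address(dst) in net for net in nets):
            violations.append((zone, device, dst))
    # A zone with no recorded baseline is flagged as soon as it carries any traffic.
    spikes = sorted(z for z, total in totals.items()
                    if total > factor * baseline.get(z, 0))
    return violations, spikes

if __name__ == "__main__":
    bad_flows, spiking = check_flows(FLOWS)
    for zone, device, dst in bad_flows:
        print(f"ALERT allowlist: {device} ({zone}) -> {dst}")
    for zone in spiking:
        print(f"ALERT spike: {zone} exceeded {SPIKE_FACTOR}x baseline")
```

The same allowlist should drive the firewall and router rules themselves, so that this check reports on traffic the enforcement points should already be blocking.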
8. Always test these systems and maintain visibility.
The healthcare facility is going to have to be as agile as the devices that are coming into its network. New network and wireless architectures assist with the management and control of all those new devices coming in. Never lose sight of those IoMT devices, and build a good monitoring platform now. The more things that connect into the network, the more difficult it will be to monitor them all. Having an established and well-planned network architecture will help with the incorporation of new devices.
9. Train your user community on good security practices.
Make security awareness a routine part of their day. They should be aware of the equipment and their surroundings and should report anything that seems out of the ordinary, regardless of how small it may seem. The user community is the first line of defense against attacks, and can sometimes identify things that are wrong faster than technical solutions can identify them.
In a dynamic healthcare environment where more data is generated, stored, tracked, and analyzed than ever before, cyberdefense becomes more critical with each newly introduced technology. However, as networks grow, they become more cumbersome, which reduces IT teams’ abilities to think proactively and stay a step ahead of attackers.
Combining automation with a system of best practices, policies, and procedures is an essential step toward giving healthcare IT administrators the tools to implement forward-looking security measures every time a network expands and new IoMT devices are added.