Patient care is undergoing a Renaissance of technological advancements. Electronic health records (EHRs), healthcare applications, and connected medical devices are improving doctor/patient communication by enabling real-time updates and greater interaction. Along with the many benefits of these devices, though, comes an expanded attack surface.
The healthcare sector is a high-value target for cybercriminals looking to gain access to personal health records, patient financial information, or proprietary research. Indeed, 95 percent of healthcare institutions confirm that they have been targeted by some form of cyberattack. Learning how these organizations work to protect their assets and patients provides lessons that all of us in cybersecurity can learn from.
For the healthcare industry, a data breach could result in more than just a financial loss. It could actually be life threatening to patients. So, in order to safely take full advantage of the opportunities of digital transformation, the risks associated with Internet of Medical Things (IoMT) devices need to be mitigated through a comparable security transformation that can ensure that a compromised medical device does not compromise the entire enterprise ecosystem.
Security Threats from the IoMT
The IoMT has rendered traditional perimeter security almost obsolete. Once a threat is successfully inside, there are usually few security measures in place to detect it or slow it down. This is one reason why IoMT devices are popular attack vectors. These internal endpoints have been authorized to access the network as an authorized user. Once deployed inside the perimeter defenses, IoMT devices have largely unquestioned access to the network’s data. This fact alone significantly increases the risk introduced to networks, because as an FDA report shows, there are an average of 164 cyber threats detected per 1,000 connected host devices.
Part of the reason is that far too many IoMT devices were not designed with security in mind – either for the devices or the data they collect – something the FDA is trying to change with its release of new industry guidelines for securing medical devices. But until those are in force, the reality is that these important technologies often also further increase the chances of a data breach.
Another complicating factor is that, due to the critical nature of how they are used, IoMT devices can be difficult to patch and perform maintenance on. If a medical device is performing a life-saving function, there can be no downtime for IT teams to update the firmware or implement software patches, if those things are even possible. This means that IoMT devices often continue to operate with known vulnerabilities that can be exploited by cybercriminals as an entry point to the network.
IoMT Security in Real Time
Because healthcare institutions are facing targeted cyberattacks — which are increasingly frequent and sophisticated — through their IoMT devices, healthcare providers must focus on threat detection as much as they do threat prevention. This is why it is increasingly important that healthcare networks employ SIEM (security information and event management) solutions as part of their network security strategy.
Real-time threat detection is made possible by SIEM solutions because they gather data and analytics from every solution deployed across the network to secure and protect it. This information is then cross-correlated and stored in a single location, providing healthcare IT teams with greater visibility into security incidents happening anywhere across the distributed network environment.
But detecting a threat isn’t enough. It’s just as important that IT teams have a mitigation plan in place in order to immediately and automatically respond once the SIEM detects a security incident. Automated response based on actionable intelligence can minimize the interval between the detonation of malware and its mitigation – thereby successfully stopping a compromised IoMT device from accessing areas of the network where data is stored. The addition of distributed network segmentation ensures that once a threat is detected within the network it will be isolated to a single location, thereby protecting the rest of the network from compromise resulting from a single hacked device.
Using Internal Segmentation
By internally segmenting the network, healthcare IT teams get a comprehensive overview of network traffic inside the perimeter, allowing them to detect anomalous activity that might indicate a breach or compromised IoMT device. This visibility into east-west network movement allows IT teams to see when devices, data, or applications/malware move laterally across the network into different segments. Internal Segmentation Firewalls (ISFWs) are designed to detect and stop malicious code from crossing from one segment of the network to another, thereby isolating the threat. Furthermore, ISFWs can also enable policy-driven segmentation, which assigns different levels of security clearance based on user identities and the nature of the devices or data operating within a particular network segment.
Inevitably, performance concerns may arise due to implementing and maintaining all of these network barriers. Which is why ISFWs are specifically engineered with enhanced performance capabilities that allow them to add a layer of protection to otherwise open networks without comprising speed by supporting wire-speed internal traffic, low latency, and high throughput performance requirements.
Safely Moving Forward
As healthcare providers adapt to digital transformation demands and increasingly integrate IoMT devices into their networks, they must understand that these devices, like any new technology introduced into a network, increase their chances of a data breach. However, instead of waiting for some fictional “safer” time to embrace digitization, providers can take advantage of the IoMT now through a security transformation that includes establishing strong security protocols, deploying highly integrated security devices tied to advanced SIEM technologies, and implementing dynamic internal segmentation as a critical additional layer of network and data protection.