Understand how to secure IoMT devices against cyberthreats
When it comes to the Internet of Medical Things (IoMT), healthcare providers have powerful tools at their disposal for capturing and contextualizing vast troves of data useful for improving care outcomes and driving profitability. Securing your IoMT network is critical not only to realizing the benefits of your connected devices and network infrastructure, but also to preventing catastrophic digital attacks.
Globally, there are around 420 million connected medical devices in deployment, with a further 70 million or so devices expected to be installed by the end of 2019, according to BI Intelligence. With IoMT devices so prevalent, cybersecurity is fast becoming a critical success factor for forward-looking healthcare delivery organizations.
What is IoMT?
Before we dive into the strategic and technical details, let’s define our terms. The term IoMT generally refers to two groups of devices. The first group is connected medical devices like patient monitors, lab devices and in vitro diagnostic products.
The second group is made up of devices that support clinical administration and operational workflows, which includes assets such as nurse calling devices, label printers, sensors and controllers.
While it might be tempting to take a set-it-and-forget-it approach to these technologies, the way in which you configure, maintain and interact with your IoMT devices can have a large impact on the security of your network. A review of more than 30 hospitals found that 61% of devices are at risk, offering would-be intruders no shortage of actionable attack vectors through which they can compromise your entire organization, according to CyberMDX.
Thankfully, some of the most common risk factors associated with IoMT devices can be addressed with a combination of software solutions and strict governance. These risks and their remediations include:
- Devices with default passwords: Set unique, strong credentials for all devices and services.
- Unpatched software: Set a routine patching schedule and monitor for urgent patching needs.
- Rogue software: Audit devices for rogue software and conduct uninstalls as appropriate; restrict permissions to prevent future rogue installs.
- Unauthorized network access: Configure the Network Access Control system with better defined and more vigilant security policies.
- Device misuse: Restrict internet browsing to pre-approved whitelisted destinations, allowing new destinations upon request.
- Malicious activity: Conduct ongoing surveillance of your IoMT network to proactively identify and patch potential vulnerabilities, reducing the likelihood that attackers can compromise the system.
- Lack of containment: It’s important to not only prepare to repel attacks before they land, but to have controls in place that allow you to contain and expel them should they pass through your defenses. To this end, you should construct and enforce a network segmentation regime not only at the perimeter, but internally around endpoint groups that share similar clinical applications and network workflows.
The good news is that these risks can be largely mitigated with a little due diligence and strategic planning. The bad news is that, if left unaddressed, every device at risk represents a potential point of failure.
Real-world consequences of these vulnerabilities are significant
Data breaches are no small issue for any business, but healthcare organizations have even more to lose. Whereas other industries only have to worry about customer data, healthcare organizations must contend with the possibility that a breach can put patient safety at risk. A successful breach essentially opens the door for attackers to interfere with — or even shut down — the delivery of care.
In the healthcare industry, the cost of a data breach is roughly double the global average of data breaches in other industries. Some of the most high-profile healthcare breaches have seen millions of patient records stolen in a single instance, and all it takes is one vulnerable device to provide a malicious actor with access.
Establish a live inventory for asset management
The steep costs associated with a cyberattack should be enough to convince any conscientious healthcare provider of the need for a comprehensive and proactive cybersecurity strategy. Crafting such a strategy requires first understanding where the typical gaps occur and then moving to fill them.
Perhaps the most foundational aspect of your IoMT security strategy is automating inventory management of the connected assets in your deployment. Some sort of directory should be produced to reflect all the devices in need of protection and where they lie within your network topography. Once you have eyes on the whole of your digital domain, you can begin to intelligently plan for its sustained protection. In other words, you can’t secure what you don’t see.
The importance of automation
With a continually expanding network of connected devices, automation is key. Healthcare networks are rapidly becoming more complex, forcing some IT teams to fall into a keep-the-lights-on pattern rather than a more proactive, big-picture approach. Automation can boost processes across the board, saving time and resources while also increasing coverage.
Any automatic mapping solution should include high granularity device classifications, which not only account for a wide range of devices in detail, but also place those devices within the context of the organization and the wider healthcare ecosystem. For example, your automated mapping solution should recognize the difference between a device that captures personal health information and one that doesn’t. Your solution must then be able to prioritize the more sensitive devices from a security standpoint.
While automatically identifying and classifying medical devices according to the most predictive operational and cyber factors is critical to IoMT success, it’s also far easier said than done. With so many different variables interacting in a fast-changing ecosystem of regulation, protocols and human behavior, rule-based, programmable logic alone is ill-suited to the task. In an effort to avoid a Sisyphean predicament, smart solutions often enlist machine learning technology to assist in the process.
Cybersecurity strategy and tool integration
Comprehensive IoMT management means that your cybersecurity strategy and tooling must integrate with your broader IT strategy and tooling, which must also integrate with your broader business strategy and tooling.
As far as security is concerned, it’s important that solutions complement existing capabilities, including adjacent systems, without compromising operational integrity in any way. This includes integration with the organization’s computerized maintenance management system, which helps better manage inventory and keep devices up to date, as well as your electronic health record system, practice management software and any other significant HIT tools used by your organization.
Seamless integration is a must to ensure that data is shared as effectively as possible, and that day-to-day workflows are not disrupted by the introduction of a new, incompatible technology.
Operational analytics grant insight
To maintain security and move toward operational excellence, you need a mechanism for contextualizing the expanding troves of data captured from each connected device in your IoMT network. An ongoing risk analysis framework needs to keep pace with the real world as threats evolve and new vulnerabilities are discovered.
Machine learning can and should be used to automatically flag potential vulnerabilities or anomalies, and notify the appropriate managers, so they can respond quickly. You should not only receive actionable insights on the individual device level, but in the aggregate as well, presenting a departmental and organizational overview of your risk profile.
Effective operational analytics gives your organization the ability to prioritize potential threats and work to fill security gaps before they’re exploited. An ongoing automated risk analysis mechanism means your team will continuously reprioritize and refocus its efforts as needed.
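The risk list near the top of this article and the device-level and departmental views described here can be combined in one inventory audit. The following is an added example, not code from the article or from any vendor it mentions: it uses simple rule-based scoring (not machine learning), and every device record, field name, threshold and weight is a constructed assumption.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory; every id, field and value is illustrative.
INVENTORY = [
    {"id": "pm-01", "type": "patient monitor", "dept": "ICU", "phi": True,
     "default_password": True, "last_patched": date(2019, 1, 10), "segment": "clinical"},
    {"id": "lab-07", "type": "lab analyzer", "dept": "Lab", "phi": True,
     "default_password": False, "last_patched": date(2019, 5, 2), "segment": "clinical"},
    {"id": "prn-03", "type": "label printer", "dept": "ICU", "phi": False,
     "default_password": True, "last_patched": date(2018, 6, 1), "segment": "guest"},
    {"id": "nc-12", "type": "nurse call", "dept": "Ward", "phi": False,
     "default_password": False, "last_patched": date(2019, 4, 20), "segment": "ops"},
]
# Assumed segmentation policy: which network segment each device class may sit in.
ALLOWED_SEGMENTS = {"patient monitor": {"clinical"}, "lab analyzer": {"clinical"},
                    "label printer": {"ops"}, "nurse call": {"ops"}}
MAX_PATCH_AGE_DAYS = 90   # assumed patch-cadence policy
PHI_WEIGHT = 2            # assumed multiplier for devices that capture PHI

def findings(dev, today):
    """Return the risk factors from the article's list that apply to one device."""
    out = []
    if dev["default_password"]:
        out.append("default password")
    if (today - dev["last_patched"]).days > MAX_PATCH_AGE_DAYS:
        out.append("unpatched software")
    if dev["segment"] not in ALLOWED_SEGMENTS.get(dev["type"], set()):
        out.append("outside approved segment")
    return out

def assess(inventory, today):
    """Score each device, rank most urgent first, and roll scores up by department."""
    ranked, by_dept = [], defaultdict(int)
    for dev in inventory:
        found = findings(dev, today)
        score = len(found) * (PHI_WEIGHT if dev["phi"] else 1)
        ranked.append((score, dev["id"], found))
        by_dept[dev["dept"]] += score
    ranked.sort(key=lambda r: (-r[0], r[1]))
    return ranked, dict(by_dept)

if __name__ == "__main__":
    ranked, by_dept = assess(INVENTORY, date(2019, 6, 1))
    for score, dev_id, found in ranked:
        print(f"{dev_id:8} score={score} {', '.join(found) or 'no findings'}")
    print(by_dept)
```

With the sample data, the patient monitor with two findings ranks above the label printer with three because it captures PHI, which is the prioritization the classification section calls for.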
Proactively defending your IoMT network
In a dynamic healthcare environment where more data is generated, stored, tracked and analyzed than ever before, cyberdefense becomes more critical with each newly introduced technology. However, as networks grow, they become more cumbersome, which reduces IT teams’ abilities to think proactively and stay a step ahead of attackers.
Combining automation with a system of best practices, policies and procedures is an essential step toward giving healthcare IT administrators the tools to implement forward-looking security measures every time a network expands and new IoMT devices are added.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.