With new innovative health tools being developed regularly, healthcare and IT professionals are tasked with ensuring they are adopted, deployed, and used in the most efficient and effective way possible. HIMSS, the Health Information and Management Systems Society, facilitates this execution by bringing together its community of 70,000 individual members, 630 corporate sponsors, and 450 nonprofits to collaborate and learn from each other, as well as from experts in the field, to improve care initiatives through digital capabilities.
Secure from the Start
Secure from the Start: Why Medical IoT Needs Protection Now, led by Ladi Adefala, Fortinet’s Senior Security Strategist, and Hussein Syed, CISO at RWJBarnabas Health, held last March 9. These two healthcare cybersecurity leaders examined how medical IoT improves patient care and medical research capabilities through data collection, analysis, and storage capabilities, but also simultaneously open up patients and healthcare organizations to increased cyber risks. They discussed how healthcare organizations can address these risks moving forward in order to continue to give patients the best possible care without compromising the security of their data.
Medical IoT Risks
Medical IoT devices have generally been designed to perform their medical function, with little focus put on other necessary capabilities such as security. Far too often, medical IoT devices are distributed with no endpoint security and outdated, vulnerable OSes and applications. Hackers have taken notice of this trend, and are now actively targeting these devices to establish a foothold in healthcare networks to facilitate locating and exfiltrating valuable data.
As our presenters will point out, vulnerable medical IoT devices can be used as a back door to “land and expand” using three basic steps:
- Reconnaissance: Cybercriminals search for known instances of vulnerable devices.
- Exploit: Armed with knowledge of vulnerable devices, cybercriminals will exploit them through vulnerabilities and architectural flaws.
- Expand: After successfully compromising an IoT device, cybercriminals will move laterally across the network to exploit additional vulnerabilities and gather information. To break this cycle and ensure the protection of patient data, healthcare organizations have to secure these at-risk devices with additional security controls.
Integrated Security for Medical IoT
In the healthcare space, security and resource allocation for IoT devices moves beyond business critical to, in some cases, lifesaving. In these environments, legacy point solutions can’t be relied on to provide the cohesive visibility, security, and service assurance across the entire network that today’s medical IoT devices require. As the IoT expands, securing it must evolve beyond simply onboarding and classifying devices. It requires the allocation of necessary network resources, provisioning, or service assurance around operational functionality. To achieve this, medical IoT requires a fabric approach to security, with every element of security and infrastructure working together to evaluate and mitigate threats at every intersection across the elastic and distributed network.