
In the last few years one of the most significant improvements in modern healthcare has been the introduction of automated and connected technology to help treat patients and diagnose ailments faster.
These technologies, dubbed the Internet of Medical Things (IoMT), range from connected wound dressings that administer painkillers directly to patients when required, and personal emergency response systems (PERS) that track events like falls or heart attacks and automatically call for help, to infusion pumps that automatically change the levels of medicines being administered to patients.
Furthermore, healthcare organisations are also experiencing an influx in connectivity across their entire digital terrain, with the average institution deploying over 20,000 connected devices on its networks, comprising lighting, air conditioning, workstations, and clinical equipment.
These are all routinely being hooked up to the web to improve efficiencies, reduce manual overheads and cut costs.
However, the one drawback to the growing number and diversity of connected devices is the introduction of new cybersecurity risks.
As healthcare environments become increasingly digitised, their vulnerability to cyberattacks also grows.
The vulnerability of connected healthcare environments
The ability to compromise devices and networks, and the possibility of monetising patient data, have led to an increase in the number and sophistication of cyberattacks targeting healthcare organisations in recent years.
As a result, healthcare organisations have become a prime target for cybercriminals, with data highlighting that there was a 71 per cent increase in attacks targeting them in 2021.
Cybercriminals can now target healthcare organisations through the plethora of connected devices on their networks, allowing them to reach the hospital IT network and then move laterally across their environment to target clinical and medical equipment.
This provides ample opportunity to not only steal confidential healthcare data for monetisation, but to also disrupt medical processes or hold entire healthcare environments hostage through ransomware attacks.
Unlike traditional attacks, when it comes to healthcare organisations, it is people’s lives that are put in the firing line.
An example of a healthcare cyber incident came to light earlier this year when Forescout discovered a series of vulnerabilities dubbed Access:7 in PTC’s Axeda agent.
The agent enables device manufacturers to remotely access and manage connected devices in healthcare environments, but flaws discovered in it meant that cybercriminals could also remotely access these devices maliciously.
Before they were patched, the vulnerabilities provided attackers with a way to gain access to the devices from remote locations and from there they could access the healthcare network, steal data or even disrupt medical functions.

Tamer Baker
Given the risks presented, when healthcare organisations are looking to modernise their environments through the introduction of IoMT, security must be rolled out in tandem.
So, what are the best practices to secure connected healthcare environments?
Best practices to improve the cyber defences of healthcare organisations
- Focus on visibility
You can’t protect what you can’t see, so the most important foundation for healthcare cybersecurity is visibility.
This means keeping an accurate inventory of all connected devices on the network, across IoMT, IT, IoT and Operational Technology, then identifying their interdependencies and taking steps to secure them.
- Legacy devices and operating systems
Accurate identification and classification of medical devices running legacy operating systems are paramount for risk mitigation. Devices that cannot be retired or patched should be segmented appropriately to restrict access to critical information and services only.
- External communications and exposure
Network flow mapping of existing communications is not just a prerequisite for designing effective segmentation zones, it also provides a baseline understanding of external and internet-facing communication paths.
This can help identify unintended external communications and prevent medical data from being exposed publicly.
- Insecure and unencrypted protocols
Start with a network flow mapping project to identify protocols in use. Whenever possible, switch to using encrypted versions of protocols and eliminate the usage of insecure, clear-text protocols such as Telnet. When this is not possible, use segmentation for zoning and risk mitigation.
- Default, weak or hardcoded passwords
Identify and remediate weak and default passwords. A single weak link on a network segment can compromise the entire segment. If hardcoded passwords cannot be remediated, leverage segmentation for zoning and isolation.
- Effective segmentation
Segmentation can be used as a compensating control and risk mitigation technique. It is also a best practice for compliance ring-fencing, limiting lateral movement and reducing the blast radius of attacks.
While there is increasing awareness of the benefits of segmentation, examples of over-segmentation, under-segmentation and poorly designed segmentation zones abound.
Start by accurately identifying devices you want to segment by business context and understanding existing network flows between device groups. Then design appropriate zones and access policies to gain the positive security outcomes of segmentation.
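The flow-mapping steps in the list above (inventory, external exposure, clear-text protocols, zone design) can be sketched as one small audit. This is an added example, not code from the article or from any vendor product; the inventory, address ranges, flow records and the FTP/HTTP port entries are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed internal address space for the constructed hospital network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Clear-text services by destination port. Telnet is the article's example;
# FTP and HTTP are added here as other common clear-text protocols.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}
# Constructed inventory: IP -> device group (business context).
INVENTORY = {
    "10.20.1.15": "infusion-pumps",
    "10.20.1.16": "infusion-pumps",
    "10.30.4.7": "workstations",
    "10.40.2.9": "building-hvac",
    "10.10.0.5": "clinical-servers",
}
# Constructed flow records: (src_ip, dst_ip, dst_port).
FLOWS = [
    ("10.30.4.7", "10.20.1.15", 23),
    ("10.20.1.15", "10.10.0.5", 443),
    ("10.20.1.16", "10.10.0.5", 443),
    ("10.40.2.9", "203.0.113.50", 443),
    ("10.30.4.7", "10.10.0.5", 80),
    ("10.20.1.99", "10.10.0.5", 443),
]

def group_of(ip):
    """Map an IP to its inventory group, 'uninventoried', or 'external'."""
    if ip in INVENTORY:
        return INVENTORY[ip]
    addr = ipaddress.ip_address(ip)
    internal = any(addr in net for net in INTERNAL_NETS)
    return "uninventoried" if internal else "external"

def audit(flows):
    """Return (group-to-group flow matrix, list of findings)."""
    matrix, findings = Counter(), []
    for src, dst, port in flows:
        sg, dg = group_of(src), group_of(dst)
        matrix[(sg, dg, port)] += 1  # baseline for designing zones
        if "uninventoried" in (sg, dg):
            findings.append(("uninventoried", src, dst, port))
        if port in CLEARTEXT_PORTS:
            findings.append((CLEARTEXT_PORTS[port], src, dst, port))
        if dg == "external":
            findings.append(("external", src, dst, port))
    return matrix, findings

if __name__ == "__main__":
    for finding in audit(FLOWS)[1]:
        print(finding)
```

The matrix gives the existing group-to-group communications to design zones around, while the findings list is the remediation queue: devices missing from the inventory, clear-text sessions, and unexpected internet-facing paths.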
By taking these steps, healthcare institutions can benefit from the vast array of connected devices, while also protecting their operations, and most importantly, patients.










