Connected medical devices are central to improving patient care in the modern health delivery organisation (HDO).
As more internet of medical things (IoMT) devices and other connected equipment are installed in HDOs throughout Australia, patient care improves and infrastructure is modernised. Unfortunately, security has been an afterthought at best in the rush to add IoMT devices and network-accessible medical equipment.
As a result, HDOs face sustained pressure from cyber criminals while having minimal defences. This has made Australian HDOs the sector reporting the most breaches. For the first six months of 2023, the Office of the Australian Information Commissioner (OAIC) reported that the health sector accounted for 15 per cent of all breaches notified under the Notifiable Data Breaches scheme, more than any other sector, followed closely by finance at 13 per cent of notifications.
Further complicating the issue, 81 per cent of breached HDOs took more than 30 days to identify that a breach had occurred at all, and 85 per cent of breached HDOs took more than 30 days to notify the OAIC of the breach.
This is a poor position to be in: Australian HDOs report the most breaches of any sector, are slow to discover that something is wrong, and are slow to notify the regulator once they know.
With the average cost of a breach in Australia now above AU$4.2 million (US$2.7 million), according to IBM's Cost of a Data Breach Report, HDOs can ill afford to leave the way they secure connected medical devices and infrastructure unchanged.
The suggestions that follow are only a starting point for what HDOs could and should do to secure their connected medical devices and equipment.
Security readiness should extend beyond the cyber security teams directly responsible for incident response and for deploying controls on information infrastructure. Health technology management (HTM) and IT teams also need to be part of cyber security planning. HTM teams with security built into their workflows can ensure that connected devices receive the right updates and can identify where more robust protections are needed.
Network-accessible and internet-discoverable devices need to be found and their data pulled into a centralised inventory for visibility. A full map of connected medical devices gives cyber security and HTM teams a clearer view of the HDO's network architecture. The map can be built with a scanning solution that gathers data from the network's perspective, augmented by HTM teams recording, during proactive maintenance, any equipment that an automated scan did not reveal (for example, devices on isolated segments or behind serial or protocol gateways). The resulting record should include at least the operating system running on the device, what data it handles, and who can potentially access it; the more attributes gathered per device, the better the visibility into the network.
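The reconciliation step described above, as an added example that is not code from the original article or from any vendor: an nmap-style XML scan result is merged with an HTM asset-register export, so that devices the scan found but HTM does not know about, and devices HTM knows about but the scan never saw, both stand out. The XML fragment, the CSV columns, the addresses and the asset IDs are all constructed for the example.

```python
"""Reconcile an automated network scan with the HTM asset register.

Added example, not code from the original article or any vendor.
Inputs are constructed inline: an nmap-style XML fragment (the shape
`nmap -oX` produces, trimmed to the elements used here) and a CSV
export from a hypothetical HTM/CMMS system whose column names are
assumptions. Addresses and asset IDs are illustrative.
"""
import csv
import io
import xml.etree.ElementTree as ET

SCAN_XML = """<?xml version="1.0"?>
<nmaprun>
  <host><status state="up"/>
    <address addr="10.20.30.11" addrtype="ipv4"/>
    <address addr="00:11:22:AA:BB:01" addrtype="mac"/>
    <ports><port protocol="tcp" portid="104"><state state="open"/><service name="dicom"/></port></ports>
    <os><osmatch name="Microsoft Windows 7" accuracy="95"/></os>
  </host>
  <host><status state="up"/>
    <address addr="10.20.30.12" addrtype="ipv4"/>
    <address addr="00:11:22:AA:BB:02" addrtype="mac"/>
    <ports><port protocol="tcp" portid="2575"><state state="open"/><service name="hl7"/></port>
           <port protocol="tcp" portid="445"><state state="closed"/></port></ports>
    <os><osmatch name="Linux 3.X" accuracy="90"/></os>
  </host>
  <host><status state="up"/>
    <address addr="10.20.30.13" addrtype="ipv4"/>
    <address addr="00:11:22:AA:BB:03" addrtype="mac"/>
    <ports/>
  </host>
</nmaprun>
"""

# Constructed HTM register export; the third device is off the network today.
HTM_CSV = """asset_id,description,mac,ip,data_class,owner
MED-001,CT scanner workstation,00:11:22:AA:BB:01,10.20.30.11,PHI,Radiology
MED-002,Infusion pump gateway,00:11:22:AA:BB:02,10.20.30.12,PHI,Nursing
MED-004,Portable ultrasound,00:11:22:AA:BB:09,,PHI,Emergency
"""


def parse_scan(xml_text):
    """Return {mac: record} for every host the scan saw, with OS guess and open ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        rec = {"ip": None, "mac": None, "os": "unknown", "open_ports": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                rec["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                rec["mac"] = addr.get("addr").upper()
        match = host.find("os/osmatch")
        if match is not None:
            rec["os"] = match.get("name")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") == "open":
                svc = port.find("service")
                rec["open_ports"].append((int(port.get("portid")), svc.get("name") if svc is not None else "?"))
        if rec["mac"]:
            hosts[rec["mac"]] = rec
    return hosts


def parse_register(csv_text):
    """Return {mac: row} from the HTM export, keyed the same way as the scan."""
    return {row["mac"].upper(): row for row in csv.DictReader(io.StringIO(csv_text))}


def reconcile(scan, register):
    """Merge both views into one inventory; each source sees devices the other misses."""
    inventory = {}
    for mac in set(scan) | set(register):
        s, r = scan.get(mac), register.get(mac)
        inventory[mac] = {
            "asset_id": r["asset_id"] if r else None,
            "description": r["description"] if r else None,
            "ip": (s or {}).get("ip") or (r or {}).get("ip") or None,
            "os": (s or {}).get("os", "unknown"),
            "open_ports": (s or {}).get("open_ports", []),
            "data_class": r["data_class"] if r else "unclassified",
            "owner": r["owner"] if r else None,
            # Seen on the wire but unknown to HTM: needs an owner. Known to HTM but
            # absent from the scan: HTM confirms it during the next maintenance visit.
            "status": "unregistered" if s and not r
                      else "not_seen_on_network" if r and not s
                      else "ok",
        }
    return inventory


if __name__ == "__main__":
    for mac, rec in sorted(reconcile(parse_scan(SCAN_XML), parse_register(HTM_CSV)).items()):
        print(mac, rec["status"], rec["os"], rec["open_ports"])
```

Keying on MAC rather than IP is deliberate: medical devices often sit on DHCP and move between wards, so the IP in the HTM register goes stale while the MAC does not.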
With the newly discovered devices, whether IoMT, OT or otherwise, integrated into a centralised inventory, the next step is to understand which security vulnerabilities exist on each device and what risk they pose to the HDO. This can be done with a vulnerability scanning tool that runs across the network and flags known vulnerabilities, including those the Australian Cyber Security Centre (ACSC) issues advisories for; most such tools match software and hardware against the CVE database. A raw scanner finding is not a priority on its own: for each one, determine whether an attacker could actually exploit that vulnerability on that device in this organisation (is the vulnerable service reachable, is the device segmented, is the flaw being exploited in the wild) and, if so, rank the risk it poses given the device's clinical role. The riskiest vulnerabilities should then be mitigated, by patching where the vendor has validated the patch for that device model, or by specific targeted actions such as network segmentation or disabling the exposed service where patching is not yet possible.
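One way to carry out the exploitability-and-priority step, as an added example rather than the article's own method or any vendor's product logic: each scanner finding is checked against whether its service is actually exposed on the device, then weighted by network exposure, clinical role and in-the-wild exploitation, and paired with a recommended action that depends on whether the vendor has validated a patch. The sample devices, the weights and the pairing of CVEs with devices are constructed; the two CVE numbers are real (the SMBv1 and RDP flaws in older Windows), but their CVSS values are carried in the sample and would in practice be read from NVD, with exploitation status taken from a feed such as CISA's Known Exploited Vulnerabilities list.

```python
"""Rank scanner findings by exploitability and clinical context.

Added example; not the article's method or any vendor's product logic.
Devices, findings and weights are constructed. The two CVEs are real,
but their assignment to these sample devices and the CVSS values carried
here are part of the sample. The weighting scheme is an assumption for
illustration, not a standard.
"""
from dataclasses import dataclass, field


@dataclass
class Device:
    name: str
    exposure: str                 # "internet", "flat_lan" or "segmented"
    clinical_role: str            # "life_support", "diagnostic" or "admin"
    open_ports: set = field(default_factory=set)
    vendor_patch_validated: bool = False   # vendor has cleared the patch for this model


@dataclass
class Finding:
    cve: str
    cvss: float
    port: int                     # service through which the flaw is reached
    known_exploited: bool         # seen exploited in the wild


# Assumed weights: how much the environment and the device's role change the risk.
EXPOSURE_WEIGHT = {"internet": 1.0, "flat_lan": 0.8, "segmented": 0.4}
ROLE_WEIGHT = {"life_support": 1.0, "diagnostic": 0.7, "admin": 0.4}


def assess(device, finding):
    """Return (score, reachable, recommended action) for one device/finding pair."""
    reachable = finding.port in device.open_ports
    if not reachable:
        # A scanner may still report the CVE from a version banner; if the
        # service is not exposed it is not a priority, but keep it under watch.
        return 0.0, False, "service not exposed; confirm it is disabled and re-check on next scan"
    score = finding.cvss * EXPOSURE_WEIGHT[device.exposure] * ROLE_WEIGHT[device.clinical_role]
    if finding.known_exploited:
        score = min(10.0, score * 1.5)
    if device.vendor_patch_validated:
        action = "patch in next maintenance window"
    else:
        action = "compensating control: segment device / block port at gateway until vendor validates patch"
    return round(score, 2), True, action


def prioritise(pairs):
    """Order (device, finding) pairs from most to least urgent."""
    assessed = [(assess(d, f), d, f) for d, f in pairs]
    assessed.sort(key=lambda t: t[0][0], reverse=True)
    return [{"device": d.name, "cve": f.cve, "score": s, "reachable": r, "action": a}
            for (s, r, a), d, f in assessed]


# Constructed sample.
PUMP_GW = Device("infusion pump gateway", "flat_lan", "life_support", {445, 3389})
PRINT = Device("ward print server", "segmented", "admin", {445}, vendor_patch_validated=True)
CT_WS = Device("CT workstation", "segmented", "diagnostic", {104})
SMB = Finding("CVE-2017-0144", 8.1, 445, known_exploited=True)
RDP = Finding("CVE-2019-0708", 9.8, 3389, known_exploited=True)
SAMPLE = [(PUMP_GW, SMB), (PUMP_GW, RDP), (PRINT, SMB), (CT_WS, RDP)]

if __name__ == "__main__":
    for row in prioritise(SAMPLE):
        print(row)
```

The same CVE lands at very different priorities: on the unsegmented life-support gateway it is the top item and gets a compensating control because no validated patch exists, while on the segmented print server it is low and simply patched, and on the CT workstation the RDP finding drops out entirely because port 3389 is not exposed.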
Anomalous traffic or behaviour is often the first indicator of a cyber security incident. Armed with a baseline of normal connected medical device behaviour, cyber security teams need to implement policies that identify and respond to abnormal traffic or actions. Those policies must account for how the particular HDO's network operates, so that traffic which may carry concealed threats can be told apart from legitimate clinical traffic. Detection that draws on threat modelling, machine learning and shared threat intelligence strengthens proactive-defence policies and improves response speed. Considering each IoMT and OT device in context (what it is, which systems it should talk to, and over which protocols) is important to ensure the organisation is fully protected.
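The baseline-then-deviate approach above in working form, as an added example that is not part of the original article: per-device baselines (which peers and ports a device talks to, and how much it usually sends) are learned from a set of flow records, and a later set of flows is checked against them together with the device's role from the inventory. The flow records, the roles, the allowed-port table and the HDO address plan are all constructed; in practice the flows would come from NetFlow/IPFIX or a network sensor and the roles from the device inventory. The documentation range 203.0.113.0/24 stands in for an internet host.

```python
"""Baseline normal device communications and flag deviations in context.

Added example, not from the article. Flow records, device roles,
thresholds and the internal address plan are constructed; the
documentation range 203.0.113.0/24 stands in for an internet host.
"""
import ipaddress
from collections import defaultdict

# Assumed HDO address plan: anything outside these ranges is "external".
# (Checked explicitly rather than via ip_address().is_private, which also
# treats the documentation ranges as non-global.)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/12")]

# Flow tuples: (device_ip, dst_ip, dst_port, bytes). Constructed sample.
BASELINE_FLOWS = [
    ("10.20.30.12", "10.20.40.5", 2575, 2000),          # pump gateway -> HL7 interface engine
    ("10.20.30.12", "10.20.40.5", 2575, 2200),
    ("10.20.30.12", "10.20.40.5", 2575, 1800),
    ("10.20.30.12", "10.20.40.9", 443, 5000),           # pump gateway -> internal vendor console
    ("10.20.30.11", "10.20.40.7", 104, 4_000_000),      # CT workstation -> PACS (DICOM)
    ("10.20.30.11", "10.20.40.7", 104, 3_500_000),
    ("10.20.30.11", "10.20.40.7", 104, 4_500_000),
]
NEW_FLOWS = [
    ("10.20.30.12", "10.20.40.5", 2575, 2100),          # normal
    ("10.20.30.12", "203.0.113.7", 443, 900),           # pump gateway talking to the internet
    ("10.20.30.12", "10.20.40.7", 445, 1500),           # pump gateway reaching PACS over SMB
    ("10.20.30.11", "10.20.40.7", 104, 4_500_000),      # normal
    ("10.20.30.11", "10.20.40.7", 104, 60_000_000),     # 15x the usual transfer
    ("10.20.30.13", "10.20.40.5", 2575, 1000),          # device with no baseline at all
]

# Context from the inventory (assumed): each device's role and the ports that role uses.
ROLE_OF = {"10.20.30.12": "infusion_pump_gateway", "10.20.30.11": "ct_workstation"}
ALLOWED_PORTS = {"infusion_pump_gateway": {2575, 443}, "ct_workstation": {104, 443}}


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def learn_baseline(flows):
    """Per device: the (destination, port) peers seen and the mean bytes per flow."""
    peers, volumes = defaultdict(set), defaultdict(list)
    for src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        volumes[src].append(nbytes)
    return {src: {"peers": peers[src], "mean_bytes": sum(volumes[src]) / len(volumes[src])}
            for src in peers}


def detect(baseline, flows, spike_factor=10):
    """Return one alert per deviating flow, listing every reason it tripped."""
    alerts = []
    for src, dst, port, nbytes in flows:
        base = baseline.get(src)
        if base is None:
            # A device with no baseline is itself a finding: it is not in the inventory.
            alerts.append({"device": src, "dst": dst, "port": port, "reasons": ["no baseline for device"]})
            continue
        reasons = []
        if not is_internal(dst):
            reasons.append("external destination")
        elif (dst, port) not in base["peers"]:
            reasons.append("new peer/port")
        role = ROLE_OF.get(src, "unknown")
        if port not in ALLOWED_PORTS.get(role, set()):
            reasons.append(f"port {port} not expected for {role}")
        if nbytes > spike_factor * base["mean_bytes"]:
            reasons.append("volume spike")
        if reasons:
            alerts.append({"device": src, "dst": dst, "port": port, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(learn_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(alert)
```

The role table is what supplies the "context" the paragraph asks for: a pump gateway opening SMB to the PACS is flagged twice (never seen before, and wrong for its role), which is a stronger signal than either check alone, while a large but in-role DICOM transfer only trips the volume check and can be tuned separately.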
Understanding the context of medical devices and closing security holes count for little if there are no investigation procedures for when an incident does succeed. Security teams need complete visibility into how their connected medical devices communicate with each other and the ability to trace an emerging attack across those communication paths. Regular network packet captures can provide this visibility, and findings from them should also be shared with clinical teams in case there is any impact on patient care. Captures of medical device traffic will frequently contain patient data, so their retention and access should be controlled accordingly.
Connected medical equipment, whether IoMT, OT or otherwise, helps HDOs deliver better patient care and ultimately better health outcomes. Protecting these critical devices doesn't have to be complicated, but it does require investment in new processes, technologies and procedures. The five tips above, from building an accurate inventory and mitigating the most critical vulnerabilities to enabling robust threat investigation, empower cyber security teams to make their HDO safer and protect long-term community health.
Shankar Somasundaram is the founder and CEO of Asimily.