Connected medical devices pose serious security risks for healthcare firms

05 Mar 18

Healthcare organisations around the world may be using medical devices that come with serious cybersecurity risks, according to research coming from some US hospitals and clinics.

That research suggests that healthcare organisations lack real-time insight into the network traffic passing through internet-connected medical devices.

Combined with a lack of solutions to secure those devices and no clear industry reports as to how to mitigate those risks, the study from Zingbox says there are many hurdles ahead for healthcare providers.

The most common connected medical devices include infusion pumps (deployed in 46% of surveyed healthcare firms), imaging systems, patient monitors and point-of-care analysers.

Other common connected devices include ECG machines, patient tracking, nurse call systems and medical printers.

Imaging systems have the highest number of network applications, at an average of seven per device – at least three of these are used for communications outside an organization.

Most other devices also include applications that communicate with other devices and servers within an organization’s network.

Security risks vary from outdated software or operating systems to rogue applications, unpatched firmware, unprotected or weak passwords, obsolete applications, risky internet sites and user practice issues.

“Imaging systems have the most security issues. They account for 51% of all security issues across tens of thousands of devices included in this study. Several characteristics of imaging systems attribute to it being the most risky device in an organization’s inventory.”

“The distributed nature of imaging systems with devices, servers and various nodes interconnected, also contributes to many security issues. As noted earlier, imaging systems also house the most number of network applications per device.”

Virtual LANs (VLANs) are common ways of identifying and locating devices on the network as part of a micro-segmentation strategy to limit lateral infection.

88% of hospitals in this case have fewer than 20 VLANs containing medical devices – Zingbox says this is far too few VLANs to support any micro-segmentation strategy.

Only 2% of organizations have more than 100 VLANs – a clue that there may be over-segmentation in some networks.

“Note the void between these two extremes. We expect more and more organizations to fill in this area as they implement tools and processes to gain additional visibility into the device context and use it for onboarding.”

VLANs may not even be used for protecting medical devices, the research states. PCs take up 43% of VLAN monitoring; followed by medical devices themselves (23%), printers, tracking systems, IP phones, network equipment, smartphones and tablets, and surveillance cameras.

“Such a wide range of devices found in medical VLANs promotes cross contamination and lateral movement of infections. The first course of action organizations should take is to remove PCs from their medical VLANs, followed by tablets, and then other non-medical IoT devices such as surveillance cameras and IP Phones.”

“The non-medical IoT devices should be moved to other non-medical VLANs. Of course, in order to implement these changes, organizations must first gain visibility into their VLANs and be able to accurately identify devices.”
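
As an added example (not from the Zingbox report or the original article), the VLAN clean-up described above can be sketched as an inventory audit: any VLAN holding a medical device is treated as a medical VLAN, and the non-medical devices in it are listed in the removal order the report gives. The inventory, the device-type names and the set of types counted as medical are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory: (device name, device type, VLAN id).
INVENTORY = [
    ("pump-01", "infusion_pump", 110),
    ("ct-01", "imaging_system", 110),
    ("pc-nurse-07", "pc", 110),
    ("cam-lobby", "surveillance_camera", 110),
    ("tab-ward3", "tablet", 120),
    ("mon-12", "patient_monitor", 120),
    ("phone-221", "ip_phone", 120),
    ("pc-admin-02", "pc", 200),
    ("prn-office", "printer", 200),
]

# Assumption: which device types count as medical for this audit.
MEDICAL_TYPES = {"infusion_pump", "imaging_system", "patient_monitor",
                 "point_of_care_analyser", "ecg_machine"}

# Removal order from the report: PCs first, then tablets,
# then other non-medical IoT devices (cameras, IP phones, ...).
REMOVAL_PRIORITY = {"pc": 1, "tablet": 2}
OTHER_NON_MEDICAL = 3


def audit_medical_vlans(inventory):
    """Per medical VLAN: share of medical devices and prioritised move-out list."""
    by_vlan = defaultdict(list)
    for name, dev_type, vlan in inventory:
        by_vlan[vlan].append((name, dev_type))
    findings = {}
    for vlan, devices in sorted(by_vlan.items()):
        medical = sum(1 for _, t in devices if t in MEDICAL_TYPES)
        if medical == 0:
            continue  # not a medical VLAN, out of scope for this audit
        move_out = sorted((REMOVAL_PRIORITY.get(t, OTHER_NON_MEDICAL), name, t)
                          for name, t in devices if t not in MEDICAL_TYPES)
        findings[vlan] = {"medical_share": round(medical / len(devices), 2),
                          "move_out": move_out}
    return findings


if __name__ == "__main__":
    for vlan, result in audit_medical_vlans(INVENTORY).items():
        print(f"VLAN {vlan}: {result['medical_share']:.0%} medical devices")
        for prio, name, dev_type in result["move_out"]:
            print(f"  priority {prio}: move {name} ({dev_type}) to a non-medical VLAN")
```
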

The report recommends three strategies for managing connected medical devices:

Real-time visibility into device deployment and inventory – Most healthcare providers lack visibility into the devices deployed in their network and into the network topology itself. The first step to formulating an effective strategy is to base it on an accurate inventory of devices and network configurations.

Control rogue applications and communications – Inappropriate or unauthorized use of applications accounts for a large portion of security issues identified across connected medical devices. Applying contextual enforcement policies based on the individual device types can greatly reduce the exposure to rogue applications and lateral movement of infection due to inappropriate use.

Develop strategies for top vulnerabilities and risks – No two healthcare organizations are alike. Hence, every organization should assess their deployment and identify their biggest vulnerabilities and risks. They should then prioritize their action plans starting with their biggest exposure.
