The Emerging Risk
The healthcare industry is improving employee productivity and the patient-care experience through the deployment of Internet of Things (IoT) devices. These devices range from medical equipment (MRI machines, infusion pumps, CAT scanners, vital-sign monitors, etc.) to mobile devices, wearables, implantable gadgets, radio links, time clocks, streaming devices, IP cameras, smart door openers, network-attached storage and more.
So, what new risks are brought on by these new productivity and patient-care improvements?
IoT devices exponentially increase the cyber-attack surface, especially as vendors and bring-your-own-device policies add new and unrecognized assets to a healthcare provider’s network. As a result, many organizations (1) are not aware of their IoT assets, (2) lack the ability to monitor and manage those assets and (3) do not understand the changes IoT requires to their cyber security policies.
IoT devices carry the risks common to any networked device (being used to obtain user credentials, traded on black markets, enrolled in botnets for denial-of-service attacks, used to execute click-fraud, send spam mail, obfuscate network traffic and even commit sabotage), but in healthcare there is now patient safety to consider as well. Hacks of pain-management pumps, remotely managed pacemakers and insulin pumps have all been in recent news and are predicted to be just the beginning of patient-health IoT breaches in healthcare.
The attack surface has increased; the stakes are higher, and organizations must adapt.
What I should be asking, and what I should be hearing
- Identification. Do you have a validated asset list with an associated criticality level for each asset? What is the process for asset validation?
Yes; all newly deployed assets must first be done with xx. The Security Operations Center routinely scans for rogue assets.
- Prevention. Have you implemented considerations posed by the National Institute of Standards and Technology (NIST)?
Yes, we have documented and provided enterprise-wide training for IoT risk and mitigation challenges; we have adjusted organizational policies and processes and implemented updated mitigation practices.
- Prevention. What are the good-hygiene cyber security methods in place today?
Examples of our in-place processes include: real-time monitoring and patch management; devices rebooted on a schedule to clear any malware that lives only in memory; up-to-date antivirus; configuration checklists applied to every asset at least once per year (e.g. two-factor authentication, restricted network access, least-privilege role access, changing the default admin password); annual validation of user access; a network firewall that blocks access from all unnecessary IP addresses; IoT devices segregated from all other networks; and security training at least once per year for all employees.
- Detection. What methods are employed to detect IoT compromised assets?
We monitor for spikes in internet use, degradation of network performance and unusual outgoing traffic, using OT scanners, passive network scanners and machine-log aggregation. The data are fed into a Security Information and Event Management (SIEM) tool, where analytics are applied and the results are monitored by our Security Operations Center (SOC).
- Remediation. How are rogue assets dealt with?
The SOC team identifies assets on the network that are not on the registered asset list and determines each asset's physical location. After physical inspection, the SOC team works with the business staff to either onboard the asset or remove it from the network.
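As an added example, not taken from the original article, the two checks described in the Detection and Remediation answers above (devices seen on the wire that are missing from the registered asset list, and registered devices with unusual outbound traffic) written in Python over constructed flow records; the inventory, hourly baselines, permitted internal ranges and log lines are all assumed sample data.

```python
import ipaddress
from collections import defaultdict
# Constructed sample inventory (the validated asset list), keyed by MAC address.
REGISTERED_ASSETS = {"00:1a:2b:00:00:01": "infusion-pump-07",
                     "00:1a:2b:00:00:02": "vitals-monitor-12",
                     "00:1a:2b:00:00:03": "ip-camera-lobby"}
# Constructed per-device baseline of expected outbound bytes per hour.
BASELINE_BYTES = {"00:1a:2b:00:00:01": 20_000,
                  "00:1a:2b:00:00:02": 50_000,
                  "00:1a:2b:00:00:03": 400_000}
# Assumed address space the segregated IoT network is allowed to talk to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]
# Constructed flow records from a passive sensor: "time src_mac src_ip dst_ip bytes".
FLOW_LOG = """\
2024-03-01T10:00:01Z 00:1a:2b:00:00:01 10.50.1.7 10.50.0.10 1500
2024-03-01T10:05:12Z 00:1a:2b:00:00:02 10.50.1.9 10.50.0.10 48000
2024-03-01T10:07:40Z 00:1a:2b:00:00:03 10.50.1.20 10.50.0.30 350000
2024-03-01T10:12:03Z 00:1a:2b:00:00:01 10.50.1.7 203.0.113.45 250000
2024-03-01T10:15:55Z aa:bb:cc:dd:ee:ff 10.50.1.77 10.50.0.10 900
"""

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        ts, mac, src, dst, nbytes = line.split()
        flows.append({"ts": ts, "mac": mac, "src": src, "dst": dst, "bytes": int(nbytes)})
    return flows

def find_rogue_assets(flows, inventory=REGISTERED_ASSETS):
    """(mac, ip) pairs seen on the wire but absent from the registered asset list."""
    return sorted({(f["mac"], f["src"]) for f in flows if f["mac"] not in inventory})

def find_unusual_outbound(flows, baseline=BASELINE_BYTES, factor=5):
    """Registered devices sending more than factor x baseline, or reaching outside INTERNAL_NETS."""
    totals, external = defaultdict(int), defaultdict(set)
    for f in flows:
        totals[f["mac"]] += f["bytes"]
        if not any(ipaddress.ip_address(f["dst"]) in net for net in INTERNAL_NETS):
            external[f["mac"]].add(f["dst"])
    alerts = {}
    for mac in baseline:  # rogue devices are reported by find_rogue_assets instead
        reasons = []
        if totals[mac] > factor * baseline[mac]:
            reasons.append(f"outbound {totals[mac]} B exceeds {factor}x baseline")
        if external[mac]:
            reasons.append("external destinations: " + ", ".join(sorted(external[mac])))
        if reasons:
            alerts[mac] = reasons
    return alerts
```

In the sample data the infusion pump is flagged on both counts (volume far above its baseline and a destination outside the internal ranges), while the unregistered MAC is reported as a rogue asset for physical inspection rather than as a traffic alert.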