Dated devices, dated security tools, and dated processes plague health and medical verticals
EHR vendor QRS began notifying its clients of an August cyberattack that exposed the PII and PHI of nearly 320,000 individuals. The attack occurred between August 23rd and August 26th 2021 respectively, when a hacker accessed one QRS dedicated patient portal server.
- UNC Health in North Carolina faced a data security incident involving the PII of 946 patients. Within UNC Health’s EHR system, patients can use a billing field to identify an individual who is authorized to have access to their billing information.
- Florida-based Nationwide Laboratory Services, which was recently acquired by Quest Diagnostics, announced that it fell victim to a ransomware attack in May 2021. Ransomware actors began encrypting files and may have removed a limited number of files from Nationwide’s network.
- McAfee researchers recently discovered vulnerabilities in two types of B. Braun infusion pumps that may allow hackers to remotely manipulate medication doses.
- Lastly, the US Food and Drug Administration (FDA) recently issued a recall on a family of Medtronic insulin pumps due to cybersecurity concerns.
The list goes on and on…
Good security is a blend of people, processes, and technology and medical device security is no different. Scaling it more difficult is however. With an average of 10,000 connected devices in each hospital.
Recommendations for IoMT
We have a back to basics series where we recommend security best practice basics, not pitches for our wares, for better password management, least privilege, and modern tooling.
- Best practice is to know what’s out there, and more importantly, know what you can do about what’s there, and then do the right thing for that device at the right time, in the right way
- Know what’s on your network – ideally automated scanning across managed and unmanaged devices and infrastructure, and then maintaining a comprehensive, up-to-date inventory
- Use intelligent assessment of behaviour across all factors – Accurately identify device vulnerabilities and risks by device, user, time of day, location, job department,
- Use tools that overcome unsecure devices – many IoT devices and most older ones have very limited security capabilities. Modern security has been built to defend against gaps inherent in IoT
- Eliminate time-consuming manual data collection processes – the average hospital has 10,000 reasons why (see above). IoMT as with other device categories are growing at a rapid clip so manual work of any kind will become more and more futile as time goes on. The power of SaaS enables you to scale quickly with cloud-based management and analytics that support any size network any number of locations.
- Make data-driven device management and security decisions across platforms – consider a platform that truly integrates with security and IT leaders – Rip and replace is incredibly difficult and expensive
Our agentless, AI/ML-driven platform identifies, analyzes, and manages device and infrastructure assets automatically to help you close security gaps like those – all in real time – all critical with today’s IoT, 5G, and work-from-anywhere megatrends in full swing.
Our mission, like yours, is to provide your employees, students, faculty and more with a safe, user-friendly and secure environment by:
- Giving Full visibility – with RF and Network sensors seeing 100% of your devices and infrastructure encompassing all stages of attack – infiltration, persistence, and exfiltration
- Reducing Mean Time to Resolution (MTTR )– with AI/ML-powered, automated remediation that drives >70% reduction in threat hunting times
- Boosting User Experience – by reducing support ticket volumes, lowering alert noise for a >60% gain in operational efficiency (~1.4 FTE Service Savings per site/ per shift)
Each of these benefits on their own can offer 5-6 figure USD savings per year, shortening the payback period on your investment.
The perfect cybersecurity storm has arrived. Consider intelligent device and infrastructure security today.
To learn more in a zero touch, no obligation Demo or POC, please contact us.