Medical devices may not be the first priority when healthcare organizations address cybersecurity, but risk managers should make sure they are included in defensive efforts, say cybersecurity experts.
Anything connected to your network is a potential attack vector for sophisticated hackers, warns Troy Kent, threat researcher with Awake Security in Sunnyvale, CA.
“All that a person with malicious intent needs is one unsecured entry point to then move laterally and access medical devices and systems holding PHI. By the same token, any IoT or connected device, such as personal devices, that’s brought onto the network could become a gateway for hacking medical devices, potentially leading to physical harm to a patient,” he says.
“At the most basic level, security practices like multifactor authentication and network segmentation are necessary. But also enabling hospital security teams to identify and respond to threats quickly,” he says “The challenge here is that these teams are often blind to nontraditional attacker targets like the medical devices.”
It is not always simple to spot malicious intent.
“For instance, how do you differentiate between malicious tinkering with an insulin pump vs. a legitimate change ordered by a medical professional? It all looks the same to the untrained eye, and putting the broader context together takes time and skill,” Kent says. “The good news is a new breed of network traffic analysis tools can identify and profile these devices and then automate the behavioral analytics and threat-hunting needed to spot attacks.”