Security by Sector: Medical IoT Gets Much Needed Dose of Cybersecurity

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

Information security risks and challenges in the healthcare industry are well documented and much maligned.

There are several reasons why the healthcare sector is particularly vulnerable, but one of the chief causes is the large number of connected yet insecure devices commonly used within hospitals, clinics and medical centers. For example, a report from researchers at healthcare cybersecurity company CyberMDX found that connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit compared to other devices on hospital networks.

“Medical devices represent an especially hard challenge since these devices are now being connected to the network at all times, installed possibly in remote offices and clinics that lack resources to manage security and risk,” said David Jemmett, CEO, Cerberus Sentinel.

Solving this problem requires the medical community to recognize that cyber-threats are as real a possibility as any transmissible medical condition and look at its cyber-response plans in the same light as it would any medical protocol, added Tim Mackey, senior principal consultant at Synopsys.

“This can and should include applying lessons from the zero trust world for mobile computing devices; whitelisting devices permitted on networks connected to patient record stores or treatment plans, and investing in auditable smart access technologies to ensure only approved clinicians and providers can access medical records.”

So that’s the immediate challenge for the healthcare industry, and it’s a significant one to face, but in some brighter news, it seems as though the sector has just been given a notable helping hand from provider of healthcare IoT cybersecurity solutions Cynerio.

The company recently announced the introduction of virtual segmentation for healthcare IoT security to its platform, claiming it will reduce healthcare IoT security project times from more than a year to weeks and provide confidence in continuous medical services.

In a description of the new capability, Cynerio said:

The virtual segmentation profiles device communications and generates East-West and North-South segmentation policies, allowing IT security teams to test the policies and monitor for violations before pushing it to live clinical network environments. The AI-based technology groups devices and segments them according to network behavior while risk is prioritized based on device criticality and medical impact. The platform then monitors the network to ensure all traffic is compliant with policy, and provides tools to refine it, sending automatic updates when policy is safe to push to firewall and NAC.
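
The monitor-before-enforce workflow described above, as an added example (not Cynerio's code or part of the original article): allow rules are learned per device group from a profiling window, then later traffic is checked against them in dry-run mode and violations are ranked by device criticality. The addresses, device groups, criticality scores and the exact-match rule format are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

CLINICAL_NET = ip_network("10.20.0.0/16")   # constructed internal range
# Constructed inventory: ip -> (device group, criticality 1-5)
INVENTORY = {
    "10.20.1.10": ("infusion_pump", 5),
    "10.20.1.11": ("infusion_pump", 5),
    "10.20.2.20": ("mri", 4),
}

def direction(dst):  # east-west = peer inside the clinical network
    return "east-west" if ip_address(dst) in CLINICAL_NET else "north-south"

def build_policy(baseline):
    """Learn per-group allow rules (direction, dst, port) from profiled flows."""
    policy = defaultdict(set)
    for src, dst, port in baseline:
        group, _ = INVENTORY[src]
        policy[group].add((direction(dst), dst, port))
    return policy

def dry_run(policy, flows):
    """Check flows against the policy without blocking; most critical first."""
    violations = []
    for src, dst, port in flows:
        group, crit = INVENTORY.get(src, ("unknown", 1))
        if (direction(dst), dst, port) not in policy.get(group, set()):
            violations.append((crit, group, src, direction(dst), dst, port))
    return sorted(violations, reverse=True)

def safe_to_push(violations):
    """Hand the policy to firewall/NAC only after a clean monitoring window."""
    return not violations

BASELINE = [  # constructed profiling-window flows
    ("10.20.1.10", "10.20.9.5", 443),      # pump to its management server
    ("10.20.2.20", "10.20.9.6", 104),      # MRI to image archive (DICOM)
    ("10.20.2.20", "198.51.100.7", 443),   # MRI to vendor update service
]
OBSERVED = [  # constructed monitoring-window flows
    ("10.20.1.11", "10.20.9.5", 443),      # same group as .10, so allowed
    ("10.20.2.20", "10.20.1.10", 3389),    # MRI to pump over RDP: not profiled
    ("10.20.1.10", "203.0.113.9", 80),     # pump to internet: not profiled
]

if __name__ == "__main__":
    for v in dry_run(build_policy(BASELINE), OBSERVED):
        print(v)
```

Because the rules are keyed by device group rather than by address, the second infusion pump inherits the policy learned from the first, while the two unprofiled flows surface as violations without any traffic being blocked.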

“The challenge of achieving safe and effective segmentation is what inspired us to develop the virtual segmentation capability for our customers,” explained Leon Lerman, CEO and co-founder of Cynerio. “Our top priority is making healthcare IoT security projects as easy and painless as possible by helping hospitals safely navigate the risks of immediately enforcing segmentation policies in clinical environments.”

With information security risks so prevalent and potentially damaging to the healthcare industry, and given that connected medical devices play such an influential role in those risks, it is both reassuring and reaffirming that security companies such as Cynerio are taking noteworthy strides to help address the issue of medical IoT insecurity.
