Sector’s Increasing Interconnectedness Poses Healthcare Cybersecurity Risks

October 12, 2022 - Healthcare, like any other industry, is increasingly relying on internet-connected devices to facilitate day-to-day operations and workflows.

The interconnectedness of healthcare means that security practitioners are tasked with juggling a combination of IT, OT, IoT, and Internet of Medical Things (IoMT) devices amid a volatile cyber threat landscape.

Vedere Labs, the research arm of Forescout, analyzed anonymized device data in Forescout’s Device Cloud from almost 19 million devices between January 1 and April 30, 2022 and found DICOM workstations, nuclear medicine systems, imaging devices, PACS, and patient monitors to be among the riskiest IoMT devices.

It is important to note that any device connected to the internet carries some level of security risk.

However, internet-connected medical devices pose unique risks to the sector due to the fact that many remain in use for a decade or longer, as the Federal Bureau of Investigation pointed out in a recent notice.

Additionally, some organizations may struggle to maintain a reliable device inventory and patch management program. Even so, these devices provide critical services to patients, and the security risks do not outweigh the immense benefits that these devices provide in a clinical setting.

Vedere Labs researchers calculated device risk based on a multifactor risk scoring methodology encompassing configuration, function, and behavior considerations.

Specifically, Vedere Labs looked at the number and severity of vulnerabilities on the device, the potential impact on the organization if the device was compromised, and the reputation of inbound connects to and outbound connections from the device. Next, researchers calculated averages per device type to determine the “riskiest” devices.

“The actual type of medical device in our ranking is less important than the fact that they reflect the ongoing trend toward digitalization in healthcare, where medical devices are connected to the IT network and can generate and exchange patient data with other systems,” the report noted.

IT devices are still the most common initial access points, the report noted. However, it is crucial that organizations assess risk across their entire enterprises.

“Organizations must start with a complete, automated, and continuous inventory of their IoMT devices. Once all devices and their configurations are known, the next step is a risk assessment process that will highlight the devices that need special attention,” Daniel dos Santos, Forescout’s head of security research, told HealthITSecurity.

“After risk assessment, mitigation actions can take place such as patching known vulnerabilities, hardening devices by disabling unused services, using strong and unique passwords, segmenting the network to isolate risky devices and finally implementing comprehensive network monitoring to detect attempts to exploit devices.”

These mitigation tactics must be applied to every device on the network, dos Santos stressed. Cybersecurity solutions and strategies that work in silos will not adequately account for the growing attack surface. Rather, a holistic approach is needed.