Home Digital Asset Digital Innovation and Managing Cyber Risk

Digital Innovation and Managing Cyber Risk

by Lottar

“Southeast Asia, especially the ASEAN region where digitization has grown rapidly, has become an attractive target for cyber attack threats,” said Tamer Baker, VP of Global Healthcare at Forescout

Like any other industry today, the healthcare sector has made strides towards digitization and innovation. The role of technology has become mission critical within healthcare organizations, supporting their ability to deliver vastly improved services to patients and operate at much higher levels of efficiency. Southeast Asia, especially the ASEAN region where digitization has grown rapidly, has become an attractive target for threat actors. The challenge is exacerbated by an ongoing shortage of cybersecurity skills that often leaves security teams understaffed and unable to keep up with the increasing sophistication of cyberattacks.

The explosive adoption of technologies such as telemedicine and connected medical devices has helped streamline workflows and improve outcomes for both patients and healthcare professionals. Despite all the positive outcomes that technology can bring, it has greatly increased the challenge of securing a borderless environment where people, devices, applications, data and networks intertwine. If left unaddressed, an attack can affect a patient’s privacy, health and safety, along with financial and reputational damage.

Bridging the gap between healthcare and security

More Internet of Medical Things (IoMT) devices are being introduced into healthcare networks, especially with the recent rise in telemedicine. This has expanded attack surfaces that can be exploited by threat actors, creating operational challenges should these digital assets be breached or taken offline. Deloitte estimates that 70% of medical devices will be connected by 2023 – making cybersecurity for healthcare IoT a focal point in the industry.

Although critical to healthcare organizations, connected medical devices can make it difficult to ensure that patient data is kept secure. A study conducted by Forescout earlier this year is an excellent example of this. After finding potential security issues on the Axeda platform of IIoT solutions provider PTC, Forescout discovered seven supply chain vulnerabilities, called Access:7. These vulnerabilities affected more than 150 device models from more than 100 manufacturers. More than half (55%) of these affected providers were found to be in the healthcare sector.

Despite their appearance, HDOs often lack the capabilities that would provide them with comprehensive visibility into the network of connected devices, and the necessary access controls over them. This hinders efforts to identify critical events, zero in on the source of the problem, and respond effectively when an attack occurs or is imminent.

The future of cybersecurity in healthcare

Organizations can strengthen their IoMT security by orchestrating a solid foundation with a well-thought-out defense architecture. The overall strategy should focus on building protection for the most exploitable areas of the organization – connected medical devices and digital clinical assets.

Here are several essential steps that HDOs can take to establish a comprehensive cybersecurity strategy that is well-tailored for the digital-first healthcare landscape.

  1. Get complete visibility of your asset inventory

With an accurate, detailed and up-to-date inventory of connected assets, teams can fully understand what and where devices sit in their network environment. Through automated discovery, organizations will maximize asset visibility and accountability, making it easier to discover new vulnerabilities in a timely manner.

  1. Monitor all devices continuously

Since hospitals have a whirlwind of devices with different usage patterns, establishing a reliable monitoring system can help organizations accurately classify and evaluate assets. A detailed understanding of network traffic patterns is essential for security teams to properly group devices that serve similar functions and assign them the appropriate security policies and controls.

  1. Identify unauthorized interactions by cross-referencing endpoints with devices and protocols

It only takes one vulnerability for a threat actor to gain access and launch a cyber attack. Organizations must fully understand device endpoints and their role in the network. By checking your inventory against a database of known unique device identifiers (UDIs) and related communication protocols, organizations can identify any unauthorized network interactions and take appropriate action where necessary.

  1. Continually assess assets for vulnerabilities

Regular assessment for vulnerabilities is a fundamental part of an organization’s security plans, enabling security teams to proactively reduce risks of malicious attacks. Good asset and network hygiene involves reviewing devices for outdated or otherwise vulnerable software and operating systems, weak passwords, and known vulnerabilities that have yet to be properly patched. A Forescout study found that more than a third of healthcare organizations use devices running an unsupported version of Windows, which creates security risks.

  1. Baseline expected behavior for each device group

Collecting and evaluating relevant data on all assets within the ecosystem will provide HDOs with a reference point on the expected network behavior of each device group, enabling them to set the appropriate security parameters. Should there be any unusual anomalies, security teams can quickly identify and remediate threats.

  1. Use machine learning to detect anomalies

Going beyond asset visibility, another challenge is understanding what’s going on between connected devices. Using machine learning capabilities enables hospitals to monitor network communications and quickly extract information for analysis, and compare device behavior to identify potential anomalies.

  1. Audit your network structure before segmentation

An audit of the HDO’s network structure provides the necessary information for proper segmentation of devices. Without this in place, intruders who gain unauthorized access can move laterally to other networks or devices, enabling them to launch broader attacks across the organization.

  1. Enable rapid remediation with an integrated, single source of truth

All of the above insights should be packaged together to help ensure that network and device insights are integrated into the security team’s preferred interface – whether SIEM, NAC or network security system – to provide an improved organization-wide view of the network. That view should reflect real integration between your security tools and how they work together to take the right corrective action immediately and automatically. Outputs from these systems should also be aggregated into dashboards and reports to increase senior management awareness and confidence in your cyber operations.

  1. Perform continuous vulnerability testing

In today’s volatile cyber security landscape, vulnerability research must be performed regularly and for all devices deployed. Security configurations should be studied in a lab environment (disconnected from the actual network) for possible backdoors and security implications, with the actions taken in accordance with the vulnerabilities identified.

  1. Stay ahead of threats with continuous, automated cybersecurity

Networks must be continuously monitored to ensure that both segmentations and management do not deteriorate over time. If any network patterns are found to violate the established baseline, the device should be immediately isolated and, if necessary, flagged for review.

Take action for a secure future:

Cyber ​​attacks on the healthcare sector are on the rise. While healthcare data is a prime target for cybercriminals, attacks can have devastating, real-world impacts on human life and well-being, especially if critical devices are compromised. Now more than ever, the healthcare industry must reevaluate and update operational and security systems to strengthen defenses by adopting more comprehensive, automated cybersecurity strategies.

By Tamer Baker, VP of Global Healthcare at Forescout

Source link

Related Posts

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy