IoT Security Risk in Healthcare Industry
There has been a surge in the number of cyber-attacks on the healthcare industry in the past 5 years affecting more than 100 million people worldwide such as Anthem medical, NHS-UK and last year Singapore government’s health database. One of the key reasons is that hospitals and health care centres can be hacked easily due to the appalling state of medical device security.
Let’s try and understand few realistic scenario such as
Shutting down of Blood bank deposit fridge
The image backups repository of X-ray machines are exposed, patient treatment records intercepted are interchanged, drug pumps reprogrammed with different dosages.
Life support equipment crashes during critical ongoing surgery. All this can easily happen with ease and a few of the aforementioned scenarios have occurred too.
IoT vulnerabilities are scanned by cyber criminals at a frenetic pace than ever before. As per one of the AT&T experts there has been a dramatic 458 percent increase in IoT vulnerability scans against devices.
"Even Gartner predicts that 1/4 attacks by 2020 will involve IoT".
There are 2 major concerns which are imperative for any healthcare providers that needs urgent attention to detail i.e. Data Protection and IoMT (Internet of Medical Things). Both of these issues need a top down approach since it cannot be dealt in silos or by IT alone.
Critical Challenges faced by Healthcare providers
First of all, Healthcare organisations collect and store heaps of patient data such as personal information and health records making them a major target for cyber-criminals which can be used for identity theft by attackers. Hence a comprehensive information security strategy needs to be adhered encompassing people process and technology. This can only be achieved by ingraining risk in the DNA of the organisation and creating a risk averse culture.
Secondly, connected devices (IoMT) have over grown manifolds throughout healthcare providers like hospitals, clinics, diagnostic centres etc. IT teams are just unable to manage, monitor, refrain them and ensure patient safety. The best SIEM tools that assist and augment AI based machine learning and behaviour monitoring solutions are currently unable to provide complete visibility and have challenges around the scale of deployment and monitoring them.
Furthermore, stiff IT budgets and getting management buy-in make matters worse for healthcare providers. Although the industry perception is changing gradually but most medium to enterprise grade healthcare providers still focus on the traditional endpoint and network based approach and are still in defiance for a holistic approach towards a future proof scalable strategic approach. This makes them an easy target for the cyber criminals to attack and thus healthcare is one of the most breached industries.
To overcome these challenges it is the need of the hour that any federal government should consider healthcare sector as part of critical infrastructure like many developed nations such as US and UK. Alongside that a cyber security framework and clear defined guidelines for healthcare sector should be part of the charter. This will outline the goals for healthcare organisations to achieve them and get rated by the federal authorities accordingly. This holistic approach will also enable sectors dependent on healthcare such as Insurance and TPA’s to adopt this practice going ahead.
It is also the role of CISO or CIO to acknowledge and understand the shortcomings. Get stakeholders buy-in by sensitising senior leadership by bringing about mindset or a cultural change by ingraining risk in the DNA of the organisation and creating a risk averse culture. This can be achieved by the putting across a Cyber Security Strategy and framework by encompassing people, process and technology. Hence it is imperative to get a current state assessment done internally and then vetted by a third party consultant to highlight the gaps or lacunae. This will safeguard strategic business interest & secure vital information assets and provide a strong base to embark on the data protection cum information security journey.
Lastly it is important to have the right technology solutions which are currently ahead of the curve, futuristic and scalable. Even as per SANS definition of IoT device the unmanaged and single-purpose IoT present's the biggest security challenge to organisations. One of the primary reasons being we can't protect what we don't know about that includes unmanaged, medical and scada devices.
Everybody talks about the multi-pronged or multi-layered approach towards security solutions ranging from perimeter to endpoints followed by network scanners, vulnerability management tools, SIEM and top it up with Security operations Centre to know what’s on the network, whether it is vulnerable and to monitor the behaviour i.e. what is it doing and where.
This is old school and although needs to tasked being part of security operations. Attackers are very well aware of this approach, usually can camouflage and enter the network easily. To add to this the amount of investment in terms of technology solutions such as SIEM coupled with the round the clock security operations centre is huge.
This can be easily negated by an ideal solution such as Securolytics which gives complete visibility of your network, deploys hassle free within minutes, agentless, passive in nature, doesn’t collects any sensitive traffic or data such as PHI/PCI. Lastly and most importantly, does not intervene in daily operations or crashes devices due to scans, hard coded default password or their internal firewalls.
The new breed of cyber security professionals are working towards making this possible, lower TCO and the ease of maintaining and sustenance. Since security is a support function there needs to be a justified ROI to the management. A holistic approach towards this issue needs to be adhered to overcome the industry challenge by initiating the following:
A) Data protection framework with clear defined policies and processes needs to be adopted by organisations.
B) IoT/IoMT challenges needs to be prioritised by embarking on futuristic cyber security solutions.