COVID-19: What healthcare IoT cyber security learned from the first wave

Healthcare organisations, like hospitals and medical research institutions, have been hit hard by the COVID pandemic, and cyber criminals have, unfortunately, taken advantage of the situation. Cynerio CEO Leon Lerman reports that attacks have risen by 300% since the pandemic started.

If a lesson can be taken from the first wave of COVID, it’s that the healthcare industry can take preventative measures to fortify clinical networks, preserve medical services, and ensure patient safety today and in the future.

Understanding healthcare’s cyber vulnerabilities

Now, everyone’s talking about Wave 2. In order to secure our hospitals, we have to look at why they’re so targeted and difficult to secure in the first place:

  • Connected medical devices, or Internet of Medical Things (IoMT) devices, are notoriously vulnerable to cyber threats. Many weren’t designed to connect to networks and don’t have any built-in cybersecurity protocols. More than 70% of IoMT devices run Windows operating systems (e.g. Windows 7) that are no longer supported and can’t be patched.
  • Standard security tools don’t work for healthcare IoT. IoMT devices have unique communications patterns (think heart monitors communicating with nurse stations or MRI machines communicating with their vendor for routine maintenance). Without medical context, standard firewall and NAC policies could disrupt the normal function of critical devices and jeopardise patient safety.
  • Clinical network topologies are in a constant state of flux. There are around 10 billion IoMT devices connected to the global clinical ecosystem today, with over 50 more connected each second, and 50 billion projected by 2028. The majority are connected without security checks, and thousands are moved between wards and off-campus sites completely unchecked. Keeping track of them all without an automated IoMT asset management solution is pretty much impossible.
  • The variety of cyber attacks on healthcare has expanded. In the past, healthcare was typically targeted by sophisticated, state-sponsored attacks. Today, due to the vulnerability of the healthcare industry, amateur hackers carrying out simple, generic attacks on non-medical devices that happen to be connected to clinical networks (e.g. security cameras, PCs, game consoles) can cause serious harm. Hospitals need to be prepared for a variety of spontaneous attacks every single day.

COVID’s impact on healthcare network security

The pandemic has made the industry’s cybersecurity challenges more complicated:

  • Hospitals are understaffed, from medical staff to IT and cybersecurity professionals.
  • Adoption of remote work and telehealth has spiked and is probably here to stay, expanding the attack surface of clinical networks and providing uncountable entry points for hackers.
  • Equipment shortages alongside a surge of patients in crisis mean devices are hooked up to the network without any cybersecurity checks.
  • Emergency quarantine units and field hospitals require cross-ward/cross-site equipment relocation, further expanding the attack surface and complicating complex clinical topologies.

These hurdles are easier to overcome than they may seem.

Bracing for wave 2 with preventative measures

Healthcare organisations can solve the majority of their IoT cyber security challenges by taking preventative measures:

  • Launch a cyber awareness campaign – For healthcare organisations, patients, and employees to stay safe, everyone from IT to medical professionals needs to be aware of cyber threats and cyber hygiene best practices.
  • Adopt a zero trust security policy – By adopting a zero-trust policy, healthcare organisations can limit access to sensitive information like ePHI (electronic personal health information) and reduce the attack surface. Zero-trust policies also help limit the reach of external attacks by stopping the propagation of the infection into sensitive devices on the network.
  • Segment the network – Reduce the attack surface of the clinical network by limiting communications between devices to only those that are necessary to maintain medical services.
  • Employ a Healthcare IoT security program – Automated security solutions can simplify and expedite healthcare IoT cyber security projects. They integrate easily with IT tools healthcare IT teams might already have in place and enrich them with the medical context hospitals need to avoid device downtime and ensure continuous clinical services.
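The segmentation point above, and the earlier warning that policies written without medical context can disrupt critical devices, can be checked before enforcement by replaying observed flows against a candidate allow-list. The following is an added example, not code from the article or from any vendor it mentions; every address, port, role name and flow in it is constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory (all addresses and roles are made up for this example).
INVENTORY = {
    "10.20.1.11": "heart_monitor",
    "10.20.1.50": "nurse_station",
    "10.20.2.5": "mri",
    "10.30.0.8": "security_camera",
}
VENDOR_NET = ip_network("203.0.113.0/24")  # placeholder for the MRI vendor's range

# Constructed flow log: (src_ip, dst_ip, dst_port, clinically_required)
FLOWS = [
    ("10.20.1.11", "10.20.1.50", 2575, True),   # monitor -> nurse station
    ("10.20.2.5", "203.0.113.40", 443, True),   # MRI -> vendor maintenance
    ("10.30.0.8", "10.20.1.11", 23, False),     # camera -> monitor
    ("10.20.9.9", "10.20.2.5", 445, False),     # uninventoried host -> MRI
]

# Candidate allow-lists keyed by (src_role, dst_role, dst_port); all else is denied.
GENERIC_POLICY = {("heart_monitor", "nurse_station", 2575)}  # no medical context
CONTEXT_POLICY = GENERIC_POLICY | {("mri", "vendor", 443)}

def role_of(ip):
    """Map an address to a device role; unknown devices get no implicit trust."""
    if ip in INVENTORY:
        return INVENTORY[ip]
    return "vendor" if ip_address(ip) in VENDOR_NET else "unknown"

def dry_run(flows, policy):
    """Replay observed flows against a policy before enforcing it."""
    report = {"allowed": [], "denied": [], "clinical_breakage": []}
    for src, dst, port, required in flows:
        key = (role_of(src), role_of(dst), port)
        if key in policy:
            report["allowed"].append(key)
        else:
            report["denied"].append(key)
            if required:  # a denied flow that medical services depend on
                report["clinical_breakage"].append(key)
    return report

if __name__ == "__main__":
    for name, pol in (("generic", GENERIC_POLICY), ("context-aware", CONTEXT_POLICY)):
        r = dry_run(FLOWS, pol)
        print(name, "denied:", r["denied"], "would break:", r["clinical_breakage"])
```

A non-empty `clinical_breakage` list is the signal to fix the policy before it is pushed to a firewall or NAC; the denied camera and uninventoried-host flows are the attack-surface reduction the segmentation is meant to deliver.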

The need for a Healthcare IoT security program is paramount in healthcare, and top research firms like Forrester and Gartner have recognised the emerging industry with reports dedicated to providing hospitals with detailed information on leading vendors.


Hospitals have a plethora of tools they can use right now to secure clinical environments exponentially faster than they would be able to manually. These tools simplify complex processes like relocation, vulnerability management, and asset management with automated inventory and network segmentation capabilities.

Today’s world may be plagued by things we can’t control, like hackers stealing sensitive health information and a swelling wave of COVID infections. In spite of all that, we do have control over the steps we take to mitigate these threats. The tools and power to control healthcare’s security posture and readiness for the second wave of COVID rest in hospitals’ hands.

The author is Leon Lerman, CEO at Cynerio.

About the author

Leon Lerman is CEO at Cynerio. Leon brings over a decade of experience in cybersecurity enterprise sales, channel sales and business development to establish Cynerio as a vendor in the healthcare cybersecurity space. Prior to Cynerio, Leon was director of sales at Metapacket, where he led go-to-market strategy and execution.

Prior to that, Leon held sales and sales engineering positions at RSA Security, helping the largest enterprises in the region to solve their security problems. Leon served as an expert intelligence officer at 8200 in the Israel Defense Forces. Leon holds a Bachelor of Science in industrial engineering and management from the Open University of Israel, where he graduated with distinction.
