COVID-19: What healthcare IoT cyber security learned from the first wave

Healthcare organisations, like hospitals and medical research institutions, have been hit hard by the COVID pandemic and cyber criminals have, unfortunately, taken advantage of the situation. Cynerio CEO, Leon Lerman reports that attacks have risen by 300% since the pandemic started.

If a lesson can be taken from the first wave of COVID, it’s that the healthcare industry can take preventative measures to fortify clinical networks, preserve medical services, and ensure patient safety today and in the future.

Understanding healthcare’s cyber vulnerabilities

Now, everyone’s talking about Wave 2. In order to secure our hospitals, we have to look at why they’re so targeted and difficult to secure in the first place:

  • Connected medical devices, or Internet of Medical Things (IoMT) devices, are notoriously vulnerable to cyber threats. Many weren’t designed to connect to networks and don’t have any built-in cybersecurity protocols. More than 70% of IoMT devices run unsupported Windows operating systems (e.g. Windows 7) that are no longer supported and can’t be patched.
  • Standard security tools don’t work for healthcare IoT. IoMT devices have unique communications patterns (think heart monitors communicating with nurse stations or MRI machines communicating with their vendor for routine maintenance). Without medical context, standard firewall and NAC policies could disrupt the normal function of critical devices and jeopardise patient safety.
  • Clinical network topologies are in a constant state of flux. There are around 10 billion IoMT devices connected to the global clinical ecosystem today, with over 50 more connected each second, and 50 billion projected by 2028. The majority are connected without security checks, and thousands are moved between wards and off-campus sites completely unchecked. Keeping track of them all without an automated IoMT asset management solution is pretty much impossible.
  • The variety of cyber attacks on healthcare has expanded. In the past, healthcare was typically targeted by sophisticated, state-sponsored attacks. Today, due to the vulnerability of the healthcare industry, amateur hackers carrying out simple, generic attacks on non-medical devices that happen to be connected to clinical networks (e.g. security cameras, PCs, game consoles) can cause serious harm. Hospitals need to be prepared for a variety of spontaneous attacks every single day.

COVID’s impact on healthcare network security

The pandemic has made the industry’s cybersecurity challenges more complicated:

  • Hospitals are understaffed, from medical staff to IT and cybersecurity professionals.
  • Adoption of remote work and telehealth has spiked and is probably here to stay, expanding the attack surface of clinical networks and providing uncountable entry points for hackers.
  • Equipment shortages alongside a surge of patients in crisis mean devices are hooked up to the network without any cybersecurity checks.
  • Emergency quarantine units and field hospitals require cross-ward/cross-site equipment relocation, further expanding the attack surface and complicating complex clinical topologies.

Despite these hurdles, overcoming them is easier than it may seem.

Bracing for wave 2 with preventative measures

Healthcare organisations can solve the majority of their IoT cyber security challenges by taking preventative measures:

  • Launch a cyber awareness campaign – For healthcare organisations, patients, and employees to stay safe, everyone from IT to medical professionals needs to be aware of cyber threats and cyber hygiene best practices.
  • Adopt a zero trust security policy – By adopting a zero-trust policy, healthcare organisations can limit access to sensitive information like ePHI (electronic personal health information) and reduce the attack surface. Zero-trust policies also help limit the reach of external attacks by stopping the propagation of the infection into sensitive devices on the network.
  • Segment the network – Reduce the attack surface of the clinical network by limiting communications between devices to only those that are necessary to maintain medical services.
  • Employ a Healthcare IoT security program – Automated security solutions can simplify and expedite healthcare IoT cyber security projects. They integrate easily with IT tools healthcare IT teams might already have in place and enrich them with the medical context hospitals need to avoid device downtime and ensure continuous clinical services.

The need for a Healthcare IoT security program is paramount in healthcare, and top research firms like Forrester and Gartner have recognised the emerging industry with reports dedicated to providing hospitals with detailed information on leading vendors.

Leon Lerman

Hospitals have a plethora of tools they can use right now to secure clinical environments exponentially faster than they would be able to manually. These tools simplify complex processes like relocation, vulnerability management, and asset management with automated inventory and network segmentation capabilities.

Today’s world may be plagued by things we can’t control, like hackers stealing sensitive health information and a swelling wave of COVID infections. In spite of all that, we do have control over the steps we take to mitigate these threats. The tools and power to control healthcare’s security posture and readiness for the second wave of COVID rests in hospitals’ hands.

The author is Leon Lerman, CEO at Cynerio.

About the author

Leon Lerman is CEO at Cynerio. Leon brings over a decade of experience in cybersecurity enterprise sales, channel sales and business development to establish Cynerio as a vendor in the healthcare cybersecurity space. Prior to Cynerio, Leon was director of sales at Metapacket, where he led go-to-market strategy and execution.

Prior to that, Leon held sales and sales engineering positions at RSA security, helping the largest enterprises in the region to solve their security problems. Leon served as an expert intelligence officer at 8200 in the Israel Defense Forces. Leon holds a Bachelor of Science in industrial engineering and management from the open university of Israel where he graduated with distinction.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

IoT set to overtake cloud computing as primary Industry 4.0 technology, Inmarsat research reveals

Posted on: October 14, 2021

New research by Inmarsat, the provider of global mobile satellite communications, reveals that investment in the Internet of Things (IoT) is set to overtake cloud computing, next generation security, big data analytics and other digital transformation technologies in the near future.

Read more

IDTechEx looks at the setbacks and explores how to move forward

Posted on: October 14, 2021

Bill Gates backed a Belmont smart city in the Arizona desert little has happened beyond a land purchase. Authorities demand that the Colorado river’s diminishing water supply is unharmed. Arizona suffers historic water shortage. The Southwest and much of the West is suffering from an intense 22-year drought, resulting in increasingly low water levels, dry

Read more