10 Best Practices for IoMT Security To Watch in 2022

by Sharon Schusheim, CIO & VP Technical Services at Check Point Software Technologies | 01/07/2022


As the coronavirus pandemic has swept across the world, hospitals and healthcare systems have attempted to keep up with community needs via IoMT (Internet of Medical Things) devices. Federal agencies have even authorized emergency use of certain types of IoMT devices in order to monitor and reduce coronavirus disease exposure.

The benefits of IoMT are sufficiently appealing that the IoMT market is poised to hit a valuation of $158 billion by 2022. By 2023, forecasters predict that 68% of hospitals worldwide will rely on IoMT technologies in day-to-day activities.

However, many IoMT devices aren’t cyber secure, which can jeopardize patient care. While IoMT devices offer healthcare providers new means of delivering care, healthcare management groups must address the vast security challenges presented by IoMT.

Below, you’ll find 10 of the best ways to secure your organization’s IoMT devices.

1. Gaining visibility. At present, many IoMT devices on healthcare or hospital networks operate as shadow IT, invisible to network administrators and security professionals. Prior to launching new efforts designed to protect IoMT, healthcare delivery organizations need to identify existing IoMT devices on networks.

Visibility offers organizations the opportunity to monitor both medtech units and data traffic movement, subsequently preventing lateral intrusions and attempted cybercriminal attacks. Further, visibility can yield long-term cost savings, as it allows administrators to see what’s already on systems, and to avoid unnecessary additional purchases.

2. Tracking inventory. Once devices are visible, organizations must take inventory, helping to determine which types of endpoints need cyber security protection, and what kind of protection the organization should pursue.

Creating a real-time, digitized device inventory can also enable healthcare groups to instantaneously learn of a device’s location, which can potentially save a patient’s life in a critical situation. High-quality real-time inventory tracking tools mean that staff members do not have to waste any time searching through rooms for devices.

3. Vulnerability auditing. As of February 2020, more than 30% of healthcare leaders admitted to never having audited medical IoT. Vulnerability auditing enables organizations to prevent security gaps by installing patches where appropriate.

Depending on the nature of the equipment, healthcare groups might want to patch devices with a security overlay that relies on network IPS, allowing “virtual patching” of vulnerable equipment. Alternatively, organizations may wish to set aside or dispose of little-utilized devices that pose cyber security risks.

4. Segmenting security. The vast majority of device-to-device communications are superfluous. Security through segmentation represents a best practice. By creating separation between patient data and the rest of the IT network, cyber security experts can better understand network traffic and can improve anomaly detection. As a result, IT staff can then offer better insights into unusual traffic patterns or movements that may indicate the presence of an intruder or a cyber infection.

5. Develop an IoMT Security Overlay. Organizations should take care in selecting IoMT security policies and enforcement mechanisms. Consider adding a zero-trust security overlay to your network, which will allow you to improve the management of IoMT network access controls, and lead to cyber risk reduction.

6. BYOD policies and enforcement. Although Bring Your Own Device policies are well-liked by employers and employees alike, they can present persistent security concerns because these devices operate largely ‘out-of-reach’ of IT administrators. In healthcare settings, BYOD devices may contain and be used to share sensitive information pertaining to patients.

While more research is needed to determine the precise effects of BYOD on patient healthcare outcomes, researchers recommend that hospital and healthcare units follow the BYOD policies outlined here.

7. Know your vendors. Select industry-recognized and well-regarded vendors who care about your providers and patients as much as you do. Ensure that your vendor can help manage all elements of your complex IoMT ecosystem, including third- or fourth-party risk.

8. One-stop shopping. Selecting a security vendor who can cover all of your hospital or healthcare system’s security needs makes cyber security management easier and more efficient than working with a variety of vendors. In addition, a multi-modal product means that you can avoid the headache of integrating a large number of hardware and software components. Integrated solutions can simplify security management all-around.

9. Multi-layered security. Although our discussion has focused on technical security implementation options thus far, don’t forget about physical security. Any devices that are not in active use should receive proper storage within designated locations, as opposed to occupying the corners of vacant hallways. Healthcare delivery organizations may wish to connect physical security apparatuses to network operations.

Physical and digital security strategies can complement one another. For instance, organizations may want to restrict access to ports, preventing cybercriminals from quietly plugging in and adding malicious devices.

10. Cyber security awareness training. Presenting non-medical education to well-educated healthcare professionals can be a challenge. Healthcare professionals commonly perceive themselves to have all of the education required for the job and want to focus on patient care. Information Technology professionals who would like to offer healthcare providers cyber security training must reflect on how they can align themselves with staff.

IT professionals should emphasize how cyber security awareness leads to improved patient care. Cyber security messages may be best conveyed by an authoritative professional colleague, as opposed to an IT staff member.
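For practices 1, 2 and 4 above (visibility, inventory and segmentation), the following is an added example, not part of the original article or any vendor's product: it checks flow records from a device segment against a device inventory and a per-device-type allowlist. The addresses, device types, ports and policy are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport")

# Constructed inventory (hypothetical devices and addresses): IP -> device type
INVENTORY = {
    "10.20.1.11": "infusion_pump",
    "10.20.1.12": "infusion_pump",
    "10.20.1.30": "patient_monitor",
}
# Hypothetical segmentation policy: device type -> allowed (server network, port)
POLICY = {
    "infusion_pump": [("10.50.0.10/32", 8443)],
    "patient_monitor": [("10.50.0.20/32", 2575)],
}
IOMT_SEGMENT = ipaddress.ip_network("10.20.1.0/24")  # assumed device VLAN

# Constructed flow records standing in for NetFlow or firewall log exports
SAMPLE_FLOWS = [
    Flow("10.20.1.11", "10.50.0.10", 8443),   # pump -> its server: allowed
    Flow("10.20.1.12", "10.20.1.30", 445),    # pump -> monitor: lateral
    Flow("10.20.1.77", "10.50.0.10", 8443),   # source missing from inventory
    Flow("10.20.1.30", "203.0.113.5", 443),   # monitor -> internet: off policy
    Flow("10.20.1.30", "10.50.0.20", 2575),   # monitor -> its server: allowed
]

def audit(flows):
    """Return (finding, flow) pairs for traffic originating in the IoMT segment."""
    findings = []
    for f in flows:
        src, dst = ipaddress.ip_address(f.src), ipaddress.ip_address(f.dst)
        if src not in IOMT_SEGMENT:
            continue  # only traffic sent by devices is judged here
        dtype = INVENTORY.get(f.src)
        if dtype is None:
            findings.append(("unknown_device", f))      # visibility gap
        elif dst in IOMT_SEGMENT:
            findings.append(("device_to_device", f))    # superfluous lateral flow
        elif not any(dst in ipaddress.ip_network(net) and f.dport == port
                     for net, port in POLICY[dtype]):
            findings.append(("off_policy", f))          # outside the allowlist
    return findings

if __name__ == "__main__":
    for finding, flow in audit(SAMPLE_FLOWS):
        print(f"{finding:17} {flow.src} -> {flow.dst}:{flow.dport}")
```

Each finding maps to a follow-up: an unknown source goes to the inventory process, while lateral and off-policy flows are candidates for a segmentation rule or an investigation.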

An array of IoMT devices have played pivotal roles in advancing the quality of health and healthcare in the wake of the coronavirus pandemic. IoMT can offer an invaluable suite of benefits, making lives and livelihoods easier and more comfortable.

While securing IoMT remains a continuous challenge for Information Technology teams, strong foundational cyber security strategies and solutions can empower your organization to stop threats.

As with any other type of security implementation, IoMT security perfection is a journey. As nefarious persons evolve their malicious techniques, technologies and best practices shift and transform as well. To ensure that your organization keeps IoMT devices secure, be sure to stay up-to-date regarding emerging IoMT threats, patches, technologies, training, and analyses. Be the healthcare group that patients trust.


About Sharon Schusheim

Mr. Sharon Schusheim serves as Check Point Software Technologies CIO & VP Technical Services. He joined Check Point in 2006. During his time here he has also served as VP Sales Operations and VP Technical Services. Prior to joining Check Point, Mr. Schusheim served as Corporate VP at Paradigm Geophysical, the largest independent developer of software-enabled solutions to the global oil and gas exploration and production industry. Before that he worked at Scitex Corporation. Sharon holds a BSc, Industrial Engineering, from Technion-Israel Institute of Technology.
