Posted on Sep 20, 2021
Connected devices offer healthcare providers ways to remotely monitor patient health. Additionally, hospitals use these devices for enhanced patient care, including medication delivery and vitals monitoring. However, malicious actors often use unsecured IoMT as part of their attack methodologies. To enhance the security of electronic Protected Health Information (ePHI), healthcare organizations need to secure the Internet of Medical Things (IoMT) as part of their cybersecurity risk mitigation efforts.
IoMT refers to internet-connected devices and their associated applications that healthcare providers use to reduce care costs and enhance patient care. The devices can be used in hospitals or in a patient’s home.
Sensitive data that these devices collect, store, transmit, and process includes:
Some examples of IoMT include:
Like many Internet of Things (IoT) devices, IoMT devices often lack standardized security controls. This makes them easy targets for threat actors.
IoMT uses wireless networks to share information with healthcare providers. Often, these devices have weak security authentication controls. Malicious actors who gain unauthorized access to these devices can then move laterally within networks or weaponize the devices to harm patients.
Some types of attacks that malicious actors can use include:
Establishing and maintaining an inventory of all IoMT is the first step toward better security. You can’t protect what you don’t know you have. Many healthcare organizations struggle to identify the devices because IoMT is often unmanaged, meaning that they are not linked to a responsible party who acts as the “owner.” The inability to link a device and user creates a security blind spot because no one is responsible for managing security protections like passwords.
Every IoMT device comes with default settings and passwords. However, threat actors can often find these default passwords online. When adding a new IoMT device to the network, the first step should be to create a new, strong password that is unique to the device.
Some best practices include:
Additionally, you should make sure that the password does not appear in any password databases available on the internet. This helps reduce the likelihood that malicious actors will be able to “guess” the password.
Multi-Factor Authentication (MFA) adds a second step that mitigates credential theft risks. Even if threat actors attempt to log into the device with a stolen password, MFA requires them to submit additional information proving that they are who they say they are.
MFA means including two or more of the following to authenticate to a device, network, or application:
Network segmentation is the process of physically or logically separating networks that contain sensitive information from those that do not. This can be done by storing sensitive information in a different data center from public internet-facing applications or by using firewalls to limit access to the network containing sensitive data.
This process limits risk because malicious actors are unable to move from one network to another, reducing a data breach’s potential impact.
Security updates fix known vulnerabilities in software, operating systems, and firmware. Often, threat actors use these vulnerabilities as a way to gain access to devices, networks, and applications.
Creating a regular schedule that prioritizes updating critical IoMT devices and their applications can mitigate risk. Additionally, this schedule should include prioritizing any network devices or components associated with any IoMT-connected network.
Monitoring network traffic provides visibility into whether devices are sending or receiving more data than they should. For example, an IoMT device can be weaponized and used as part of a botnet. In a botnet attack, the botmaster controls the compromised devices (“bots”) and distributes commands to them. The resulting requests and responses overwhelm the targeted servers, leading to Denial of Service (DoS).
By monitoring for abnormal traffic, the healthcare organization can detect potentially compromised IoMT devices and reduce the attack’s impact.
IoMT transmits ePHI to a connected application. For example, a connected insulin pump shares data with the application, helping the patient and provider monitor glucose levels. However, the application is connected to the public internet.
Data-in-transit encryption at the network level reduces the impact of eavesdropping and man-in-the-middle attacks. Encryption scrambles data, making it unreadable without the appropriate decryption technology. Even if malicious actors were to gain access to the network, they would be unable to use the information.
An intrusion detection system (IDS) can be signature-based, specification-based, or anomaly-based. For IoMT, anomaly-based provides the best defense.
An anomaly-based IDS monitors the network for any abnormal activity. It often includes machine learning so that it can alert you to new risks. The primary benefit of an anomaly-based IDS is the ability to detect zero-day attacks, which are attacks arising from previously unknown vulnerabilities. Since IoMT is a newer technology, many devices are not linked with known vulnerabilities.
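The traffic monitoring and anomaly-based detection described above can be reduced to a per-device baseline check. The sketch below is an added example, not code from the original post or from any product it mentions; the device names, byte counts, threshold, and function names are all constructed for illustration. It flags devices that send far more data than their own history predicts, and also devices that are missing from the baseline, which ties back to the inventory step.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (device_id, minute, bytes_sent); not real telemetry.
HISTORY = [("pump-01", m, b) for m, b in
           enumerate([1200, 1180, 1250, 1210, 1190, 1230])]
HISTORY += [("monitor-07", m, 5000) for m in range(6)]
OBSERVED = [
    ("pump-01", 7, 1220),      # normal reading
    ("pump-01", 8, 96000),     # flood-like burst
    ("monitor-07", 7, 5100),   # small drift on a constant-rate device
    ("cam-99", 7, 300),        # device absent from the inventory/baseline
]

def build_baseline(history):
    """Return {device: (median, MAD)} of bytes sent per interval."""
    per_device = defaultdict(list)
    for device, _minute, sent in history:
        per_device[device].append(sent)
    baseline = {}
    for device, values in per_device.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[device] = (med, mad)
    return baseline

def find_anomalies(baseline, observed, threshold=6.0, min_spread=0.05):
    """Flag unknown devices and intervals far above a device's baseline."""
    alerts = []
    for device, minute, sent in observed:
        if device not in baseline:
            alerts.append((device, minute, sent, "unknown device"))
            continue
        med, mad = baseline[device]
        # 1.4826 * MAD approximates a standard deviation; the floor keeps
        # constant-rate devices (MAD == 0) from alerting on tiny drift.
        spread = max(1.4826 * mad, min_spread * med, 1.0)
        if (sent - med) / spread > threshold:
            alerts.append((device, minute, sent, "traffic spike"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(HISTORY), OBSERVED):
        print(alert)
```

Median and median absolute deviation are used instead of mean and standard deviation so that a single past burst in the history does not inflate the baseline and hide the next one.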
Healthcare organizations that want to better secure their IoMT devices should consider a solution that provides visibility into new and emerging risks.
IoMT provides significant patient care benefits, and healthcare organizations need to leverage them to provide the best patient care possible. However, they also need real-time discovery, monitoring, and risk mitigation technologies that help them protect patient data.
SecurityScorecard Sentinel scans a healthcare organization’s entire environment to detect connected devices, including IoT and IoMT. Additionally, Sentinel scans devices for malware, to mitigate the risk that threat actors will use them as part of a Distributed Denial of Service (DDoS) attack.
Our security ratings platform incorporates IoMT devices as part of our easy-to-read, A-F security score so that healthcare organizations have continuous visibility into their security posture.