Cyberattacks on healthcare facilities have been on the rise during the pandemic, threatening patient care and private data. In its State of Ransomware in Healthcare 2021 report, Sophos notes that over one third of healthcare organizations were victims of ransomware attacks over the last year, often resulting in exposed patient data and halted healthcare services. Unfortunately, only 28% of these attacks could be thwarted before the victim’s data was encrypted, highlighting the continued challenges around mitigating ransomware.
The combination of electronic protected health information (ePHI) and financial data at a single organization makes healthcare organizations tempting targets for attackers. The critical nature of the services these hospitals provide adds pressure on IT and security teams to recover data quickly and avoid disruption to patient care.
The Need for IoT Sensors
Securing healthcare organizations has become increasingly challenging as more devices and IoT/IoMT sensors have become part of regular patient care. Sensor-enabled interconnectivity is mandatory in these environments, as the technology improves the patient experience and simplifies the collection of valuable patient data. For example, patients who are experiencing volatile glucose levels can be monitored remotely, or even from down the hospital hall, with a sensor that’s safely embedded in their skin. Even as hospital staffing shortages continue, this type of sensor-enabled care has continued to help organizations provide high levels of care.
IoT Security Challenges
In the healthcare market, an IoT system refers to every device that is connected to the internet for a wide range of applications, such as tracking patients or equipment, collecting data, and analyzing it.
One of the security challenges associated with IoT sensors is that they are not always visible to the network administrator. Visibility is essential for understanding all network communication flows and for minimizing your potential attack surface, since you can’t protect what you can’t see.
Visibility is normally achieved with a host-based agent. However, IoT devices, and specifically IoMT (internet-connected medical devices), have unique characteristics and behaviors which mean they cannot be properly secured with a typical endpoint agent. Because these devices often run unique operating systems, they either require a specialized agent to run on the device, or they cannot accommodate a security agent at all.
Examples of IoMT devices include glucose monitors, room air quality sensors, and even ingestible monitoring sensors. With IoT market growth rates predicted as high as 28.6% CAGR, securing these device-rich environments as their use scales up will become a more common objective as teams work to mitigate potentially catastrophic breaches.
Guardicore’s IoT Security Alliances
To address these challenges, Guardicore has partnered with Armis, Ordr, and most recently Medigate, to help our customers solve their IoT and IoMT visibility and security challenges. Using varying approaches, all three vendors provide the following capabilities without using any agents:
- Real-time mapping of IoT devices for accurate inventory management
- Clinical context awareness to understand the unique characteristics of an asset
- Security response prioritization based on environment-specific workflows
All three alliances deliver these capabilities as agentless solutions. Since many IoT devices are incompatible with agents, this is the best way to provide visibility, security, and control. The absence of agents also means that an entire area of your environment can be secured with minimal maintenance. While many powerful security solutions operate as agents, adding more agents to an environment can tax CPUs and require some downtime for updates.
Perhaps the most impactful feature of these IoT solutions is their IoT and medical-specific anomaly detection. To recognize behavioral anomalies on a device, a solution must have a clear understanding of what normal behavior is. This is where the limitations of many endpoint agents are reached, and where Armis, Ordr, and Medigate show their strength. Being aware of IoT device behaviors, as well as the types of medical data and processes flowing through IoMT devices, means that malicious anomalies are more rapidly detected and mitigated. In addition, the risk level of anomalous behaviors on a device can be ranked and prioritized accordingly.
Better Together with Guardicore
Guardicore Centra provides significant security benefits when integrated with a trusted IoT security solution:
Gain visibility into IoT devices. By leveraging the integrated solution with Guardicore Centra, IoT device data populates into a single consolidated view, simplifying device and process identification. This also strengthens your device labeling scheme, which may not have previously included IoT devices. Once the devices are in the same view as the rest of your environment, they can be managed under a single security policy.
Prevent the spread of breaches with application-dependency mapping. With IoMT devices seen and secured, you can use Guardicore Centra to generate a new, detailed map of the devices in your environment that includes every medical machine with IoMT sensors. Applications and data flows between those devices and other servers or data centers also become visible, and opportunities to limit unneeded connections and processes begin to surface.
Protect against zero-day vulnerabilities. Even if all of your devices are monitored and secured by a trusted IoMT security solution, applications sharing sensitive data between servers and devices can sometimes carry zero-day malicious payloads that are unrecognizable to any next-gen security solution. Guardicore Centra helps you eliminate unnecessary communication streams in the network by segmenting and isolating assets, letting you execute an important pillar of your Zero Trust security model.
Achieve compliance. The strict compliance standards of the healthcare space require organizations to know exactly what’s on their network and what the assets are doing at any given time. With strengthened device visibility from our IoT partners fed into the Guardicore Centra platform, you will be better equipped to see and segment those assets, eliminate unnecessary lateral movement, shrink your attack surface, and minimize the risk of a successful ransomware attack.