
Medical Device Network Security, the prognosis is good

Cube News, Internet of Things, Operational Technology, Threat Protection

Are networked medical devices secure? We know that a significant number of medical devices have security vulnerabilities, known and unknown. Identifying the known vulnerabilities before a threat infects a device, and eventually the network, is the role of a solid cyber security strategy. In Australia, the health sector has recorded the highest number of data breaches since the Mandatory Data Breach regulations came into effect earlier this year.

The reporting tends to ignore the fact that the security of a device does not equate to the security of the system. The chants of self-appointed researchers and some fear-slinging security vendors would have us believe we’re all at risk of remotely controlled death, triggered by smart-phone.

In this article, we explore the current landscape of network security for medical devices and the architecture needed to ensure a secure environment.

So are medical devices secure?
The likelihood of actual harm from medical device insecurity is of course far removed from the worst-case scenarios we read about in often-sensational media reporting or researcher claims. Those of us who actually work with medical systems know this. Nevertheless, vulnerabilities and threats obviously exist and medical devices are high-value targets. A better question perhaps would be “can networked medical devices operate safely and at an acceptable level of risk to patients?”. Addressing this question, of course, is the daily challenge of professionals charged with managing risks on clinical networks.

What makes medical devices so different?
Just as for other waves of cybersecurity hysteria around IoT and Critical Infrastructure sabotage, medical devices are often cited as vulnerable to manipulation into misbehaving or leaking information. It is important to realise as security professionals that biomedical devices have unique needs that don’t always neatly fit into regular security practices. Like other critical infrastructure systems, medical devices and their local ecosystems are commissioned and tested extensively and formally so that they function exactly according to manufacturer specs. Change to these systems becomes complex, risky and expensive.

How then can devices be protected, yet allowed to communicate with all their necessary integration points – local users, remote support, external vendor monitoring systems, head-end servers, cloud-based health record services, other connected health systems?

Enter the modern security-centric network. A modern network security infrastructure can provide increasingly sophisticated protections from known attack vectors, and these advances are the main thrust of this post. What’s changed? The loosely connected, hardware-centric, open networks of the past are giving way to the Application Programming Interface (API) driven, integrated, software-centric, “zero-trust model” networks of today, which provide very powerful tools to achieve secure network architectures.

But first, let’s take a look at the external factors driving risk.

The Healthcare Threat Environment

There’s no question medical devices in clinical environments make high-value targets for cyber-criminals, where a breach of security could be profitable to the attacker, potentially catastrophic to the victim, and very costly to a healthcare delivery organisation’s reputation.
Since the mandatory data breach notification scheme came into effect in Australia on February 22, health service providers have been top of the class when it comes to the number of data breaches reported. Importantly though, a large percentage of the reported breaches were the result of either human error or a lack of basic cyber hygiene.

Threats commonly referenced for medical device security include malware infections, targeted attacks and Advanced Persistent Threats (APTs), Denial of Service (DoS) attacks, theft, unintentional misuse and directly connected devices (e.g. USB devices).

Further complicating the security landscape, the increasing integration with cloud-based electronic medical record systems represents a new risk.

Secure Network Architectures
Network Access Control (NAC) has been readily available for many years, providing reliable and highly secure protection where it is needed most: at the point of access, the network edge. Pushing strong identity and access control mechanisms to the network edge using protocols like RADIUS and 802.1X goes a long way to preventing unauthorised access. Use of a comprehensive NAC solution like the Cisco Identity Services Engine (ISE) now allows for extremely flexible deployment models, easily supporting both newer and older legacy devices, a major plus when dealing with a diverse mix of medical device capabilities.

Not only does NAC protect the wired and wireless network edge, it supports the dynamic placement of devices into segregated and isolated sub-networks (zones). Furthermore, the telemetry from connection attempts provides excellent visibility of the movement and connection state of device assets, along with the ability to detect unauthorised connection attempts and take action accordingly.

The Medical NAC Ecosystem
A medical-grade network ecosystem centred on NAC now enables highly flexible and integrated security. A security ‘event bus’ such as Cisco’s pxGrid can be tightly coupled to the NAC system and the segregation firewalls, and beyond those to security operations platforms like SIEM and automation tools, so comprehensive and integrated security is readily achievable.

These abilities go well beyond the traditional network segmentation and access control mandated by most standards. Let’s consider some of these:

• The ability to provide effective micro (device-level) segregation and isolation policy.

• The ability to quarantine unauthorised devices before they can send a malicious packet.

• The ability to perform real-time behavioural analytics on traffic flows.

• The ability to link security systems together and share context and behaviour.

• The ability to respond automatically to abnormal conditions and coordinate countermeasures using API calls.

Features within the Cisco Medical NAC ecosystem are underpinned by ISE/pxGrid, Stealthwatch and optional elements of Cisco’s TrustSec architecture. Of particular note are features like these:

• Medical device profiling – More than 250 profiles for medical devices out of the box, with the ability to customise your own. Automatically detecting the device type can really boost flexibility in policy authorisation control and provides excellent visibility into the activity of the device fleet.

• Downloadable Access Lists (dACL) – Layer-3 packet filtering at the edge, including the option for Active Directory integration for per-device/class ACLs using custom attributes

• Identity PSK – The recently introduced capability to use multiple pre-shared keys on the same WLAN SSID, with the dual benefit of keeping the number of SSIDs low and supporting migrations, key updates and per-device/group PSK

• pxGrid – Cisco’s context and event integration publisher/subscriber backbone for Rapid Threat Containment and multi-platform.

• Stealthwatch – The network flow security analytics engine, detecting abnormal network behaviour and attacks

• SIEM integration – Push logs and events into your log repository or SIEM for maximum analytical and troubleshooting value

• API driven automation and response capability – All of the products mentioned have API interfaces that your DevOps or SecOps team can take advantage of to start exploiting full visibility and control of the environment.
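
The idea behind device profiling, per-class dACLs and automated containment, as an added Python example (not the article's or Cisco's code): each profiled device class gets a default-deny allowlist, flow records are checked against it, and off-policy or unprofiled sources are flagged. The class names, addresses, ports and the `threshold` parameter are constructed assumptions.

```python
# Added illustration, not vendor code: per-device-class allowlists (the idea
# behind a dACL) checked against flow records. All values are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    proto: str
    dst: str   # destination network, CIDR
    port: int

# Hypothetical policy: what each profiled device class may talk to.
POLICY = {
    "infusion-pump": [Rule("tcp", "10.20.0.10/32", 443),     # pump server
                      Rule("udp", "10.20.0.53/32", 53)],     # DNS
    "patient-monitor": [Rule("tcp", "10.20.1.0/28", 2575)],  # HL7 gateways
}
# Constructed inventory: endpoint IP -> class assigned by profiling.
INVENTORY = {"10.30.5.21": "infusion-pump", "10.30.6.40": "patient-monitor"}

def permitted(dev_class, proto, dst, port):
    """Default-deny match of one flow against the class allowlist."""
    return any(r.proto == proto and r.port == port
               and ip_address(dst) in ip_network(r.dst)
               for r in POLICY.get(dev_class, []))

def evaluate(flows, threshold=2):
    """Map each source IP to 'allow', 'alert' or 'quarantine'."""
    denied, actions = {}, {}
    for src, proto, dst, port in flows:
        dev_class = INVENTORY.get(src)
        if dev_class is None:            # unprofiled device: contain at once
            actions[src] = "quarantine"
            continue
        if not permitted(dev_class, proto, dst, port):
            denied[src] = denied.get(src, 0) + 1
        n = denied.get(src, 0)           # denied flows seen so far
        actions[src] = ("quarantine" if n > threshold
                        else "alert" if n else "allow")
    return actions

# Constructed flow records: (src, proto, dst, dst_port)
SAMPLE_FLOWS = [
    ("10.30.5.21", "tcp", "10.20.0.10", 443),   # pump to its server
    ("10.30.6.40", "tcp", "10.20.1.5", 2575),   # monitor to HL7 gateway
    ("10.30.6.40", "tcp", "10.30.5.21", 445),   # monitor to pump: off-policy
    ("10.30.9.99", "tcp", "10.20.0.10", 443),   # source not in inventory
]

if __name__ == "__main__":
    for src, action in evaluate(SAMPLE_FLOWS).items():
        print(src, action)
```

In a real deployment the allowlist would be enforced at the access port and the action handed to the NAC or SIEM through its API; here the decision logic alone is shown.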

 

Using network segmentation to protect devices and medical records from threats requires Medical-Grade NAC. By monitoring behaviours to detect and contain threats, healthcare security can be improved drastically to mitigate risks to the organisation. Putting it all together requires some planning and experience, but the tools available today are vastly improved and proven in the field. As the saying goes, the whole is now much bigger than the sum of the parts when the parts fit together effectively. This, of course, is just a component of the overall security approach, but as the point of control closest to the medical device, it is a critical one to get right.

Cube Cyber, a Cisco Certified provider based in Brisbane, has been delivering solutions for the healthcare industry since 2015. Contact us today on 1300 085 366 to discuss your next project.

 

 

 


September 21, 2018/by CubeCyber Team