By Greg Murphy, Ordr
In cybersecurity, speed is the name of the game. And in the current climate of adaptation to fast-changing conditions, organizations of all kinds are learning hard lessons about what it will take to survive and succeed in IT’s tomorrow. This is especially true in healthcare, where the ability to act fast is essential in dealing with health crises, which also include adversarial threats to network and data security.
Hospitals, clinics, and other healthcare organizations are procuring and deploying innovative new technologies, such as the Internet of Things (IoT) and Internet of Medical Things (IoMT). These connected devices are a valuable asset to healthcare workers, but they also create vulnerabilities and potential risks to the network. This includes “Shadow IoT” threats that result from a dangerous mix of devices that can undermine enterprise security.
Due to their specialized nature and mission-critical operations, modern medical devices use a wide range of operating systems, change state constantly, and support a variety of communication protocols. Yet these devices are not designed to be secure and often can’t accommodate security software agents for management. In fact, 15-19 percent of medical devices run on old operating systems because they typically cannot be taken offline—even to be patched—due to the nature of their operations. On top of that, things get complicated (and risky) when you add other IoT devices to the network for things like facilities management, communications and administration, physical security, and even consumer-grade devices such as voice assistants.
Automation Is The New Proactive
Hospitals and clinics have been forced to expand their operations and IT footprints ad hoc in response to short-term pandemic needs, and that has affected long-term IT strategies and the way healthcare organizations approach the new normal. Such planning must include clear goals for the security and management of these devices and the patients who rely on them. There are four essential steps for doing this, and the imperative to move fast requires that IT automate each step:
- Discover devices: It is vital to gain visibility into every unmanaged and IoT device that connects to your network. This includes ephemeral assets that may go offline at any time and then reappear in a new physical and network location. High-fidelity information is critical to truly understand and classify these devices.
- Understand behavior: Once you know what devices you have, you need to know each device's purpose in the enterprise and understand its normal behavior patterns. Mapping communications patterns and baselining device behavior are crucial to identifying anomalous behaviors.
- Identify risks: Are there mission-critical devices? Are there vulnerable devices? Understand the risk profile for these devices, from medical device advisories and vulnerabilities to obsolete device operating systems. Identify anomalous behaviors such as a rogue or infected device communicating with a bad domain.
- Generate policies: With all devices accounted for and categorized, IT and security teams can generate and assign appropriate segmentation policies for high-risk, vulnerable, and mission-critical devices. These policies can control how each device communicates and what resources it can and cannot access, and can ensure that every new device and service is risk-assessed and secured in real time.
Automation is crucial to each of these steps; it ensures that critical IT resources are not hampered by a lack of information or manual processes. It has become clear that we cannot rely solely on human intervention to protect these assets, and that we need to move faster to integrate innovative technologies effectively, and without sacrificing security.
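The four steps above, sketched end to end on constructed flow records. This is an added example, not code from the article or from Ordr; the function names, record layout, obsolete-OS list and rule syntax are illustrative assumptions, and the MAC and IP addresses are taken from documentation ranges.

```python
from collections import defaultdict

# Constructed sample data: (device MAC, device type, OS, destination IP, port)
BASELINE_FLOWS = [
    ("00:00:5e:00:53:01", "infusion-pump", "embedded-rtos", "192.0.2.10", 443),
    ("00:00:5e:00:53:01", "infusion-pump", "embedded-rtos", "192.0.2.11", 123),
    ("00:00:5e:00:53:02", "mri-console", "windows-7", "192.0.2.20", 104),
]
NEW_FLOWS = [
    ("00:00:5e:00:53:01", "infusion-pump", "embedded-rtos", "192.0.2.10", 443),
    ("00:00:5e:00:53:02", "mri-console", "windows-7", "203.0.113.77", 8080),
    ("00:00:5e:00:53:09", "voice-assistant", "linux", "198.51.100.5", 443),
]
OBSOLETE_OS = {"windows-7"}  # assumption: the site's own end-of-support list

def discover(flows):
    """Steps 1-2: inventory every device seen and baseline its (dst, port) peers."""
    inventory, baseline = {}, defaultdict(set)
    for mac, dev_type, os_name, dst, port in flows:
        inventory[mac] = {"type": dev_type, "os": os_name}
        baseline[mac].add((dst, port))
    return inventory, dict(baseline)

def identify_risks(inventory, baseline, flows):
    """Step 3: flag obsolete OSes, unknown devices and off-baseline flows."""
    risks = [(mac, "obsolete-os") for mac, d in sorted(inventory.items())
             if d["os"] in OBSOLETE_OS]
    for mac, _type, _os, dst, port in flows:
        if mac not in baseline:
            risks.append((mac, "unknown-device"))
        elif (dst, port) not in baseline[mac]:
            risks.append((mac, f"off-baseline:{dst}:{port}"))
    return risks

def generate_policy(baseline):
    """Step 4: per-device allowlist from the baseline, then default deny."""
    rules = []
    for mac in sorted(baseline):
        for dst, port in sorted(baseline[mac]):
            rules.append(f"permit {mac} -> {dst}:{port}")
        rules.append(f"deny {mac} -> any")
    return rules

if __name__ == "__main__":
    inv, base = discover(BASELINE_FLOWS)
    for finding in identify_risks(inv, base, NEW_FLOWS):
        print("RISK", *finding)
    print("\n".join(generate_policy(base)))
```

The device that first appears in the later window has no baseline and therefore no permit rule, so it is flagged for classification instead of being granted access.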
Arriving at the future of work and a post-pandemic new normal requires a shift of focus that addresses the security implications of the IoT/IoMT melting pot that healthcare enterprise IT has become. Doing so will help protect critical assets and ensure the reliability of that enterprise, but the speed needed to get there must not come at the cost of security, even as we learn and adapt to the lessons of this crisis.
About The Author
Greg Murphy is President and CEO of Ordr, where he is responsible for the overall vision and strategy of the enterprise IoT security company. Previously, he was VP of Business Operations for the HPE Aruba Group, where he led the business integration of Aruba and HP Networking following HP’s $3 billion acquisition of the company in 2015. Greg received his M.A. from Stanford University and his B.A. from Amherst College. Connect with him on LinkedIn.