As healthcare professionals use digital devices such as diagnostic and monitoring systems, ambulance teams, and surgical robots to improve patient care, the safety of these devices is as important as their primary function.
Palo Alto Networks, the world leader in cybersecurity, has announced Medical IoT Security, the most comprehensive Zero Trust security solution for medical devices, enabling healthcare organizations to quickly and securely deploy and manage new connected technologies. Zero Trust is a strategic approach to cybersecurity that protects an organization by removing implicit trust through continuous verification of every user and device.
“The proliferation of connected medical devices in the healthcare sector brings many benefits, but these devices are often not well protected. For example, according to Unit 42, an alarming 75% of the smart infusion pumps examined in the networks of hospitals and healthcare organizations had known security flaws“, says Anand Oswal, Senior Vice President of Network Security Products at Palo Alto Networks. “This makes security devices an attractive target for cyber attackers, potentially exposing patient data and ultimately putting them at risk. risk,” he concludes.
While a Zero Trust approach is essential to help protect medical devices against today’s innovative cyberthreats, it can be difficult to apply in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations, and one-click policy enforcement, Medical IoT Security offers a Zero Trust approach in a seamless and simplified way.
Medical IoT Security uses machine learning (ML) to enable healthcare organizations to:
- Create device rules with automated security responses: Easily create rules that monitor devices for behavior anomalies and automatically trigger the appropriate responses. For example, if a medical device that normally only sends small amounts of data unexpectedly starts using a lot of bandwidth, the device may be disconnected from the Internet and security teams may be alerted.
- Automate Zero Trust policy recommendations and enforcement: Enforce recommended least privilege access policies for medical devices with a single click, using Palo Alto Networks’ next-generation firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation, and scales easily across a set of devices with the same profile.
- Know device vulnerabilities and risk posture: Accessing the Software Bill of Materials (SBOM) for each medical device and matching them to Common Vulnerability Exposures (CVEs) helps identify software libraries used in medical devices and any associated vulnerabilities. Get immediate insight into the risk posture of each device, including expedited end-of-life status, recall notification, default password alert, and unauthorized external website communication.
- Improve compliance: Easily understand medical device vulnerabilities, patch status, and security settings, makes it easy to get recommendations for device compliance with regulations and guidelines, such as the Health Insurance Accountability Act (HIPAA), the General Regulations for Data Protection (GDPR) and similar laws and regulations.
- Verify network segmentation: it is important to view the entire map of connected devices and make sure that each device is placed in its designated network segment. Proper network segmentation can ensure that a device only communicates with authorized systems.
- Simplify operations: two separate dashboards allow IT and biomedical engineering teams to each view information critical to their roles. Integration with existing healthcare information management systems, such as AIMS and Epic Systems, helps automate workflows.
Healthcare organizations use these products to protect the devices that provide state-of-the-art care to millions of patients around the world.
“Establishing and maintaining a state of the art medical IoT (IoMT) environment is paramount to establish an effective business cybersecurity program. The ability to accurately detect, identify, and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event,” acknowledges Tony Lakin, CISO, Moffitt Cancer Center. “Palo Alto Networks’ IoT capability it integrates seamlessly with our continuous monitoring processes and threat hunting operations. The platform constantly provides my teams with actionable insights that enable them to proactively manage the threat surface of our medical device portfolio,” he says.
“With thousands of devices to manage, healthcare environments are extremely complex and require smart security solutions able to do more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for medical IoT security. The addition of intelligence will enable providers to improve operational efficiencies, which will improve the experience for patients and professionals and ease the burden of an ongoing IT skills shortage,” said Bob Laliberte, Principal Analyst at ESG.
Laliberte adds that “Healthcare providers remain high-value targets for attackers. This reality, combined with the diversity of IoT medical devices and their inherent vulnerabilities, points to a real need for device security that is designed specifically for healthcare use cases.”
“The ability to defend against threats that target critical care devices, while maintaining operational readiness and reinforcing the alignment of device governance responsibilities between IT and Biomed engineering teams, will be is quickly becoming a necessity for protecting patient data and lives,” said Ed Lee, Director of Research, IoT and Intelligent Edge Security, IDC.