Manage Learn to apply best practices and optimize your operations.

Secure healthcare IoT devices with network traffic analytics

A mere buzzword a few years ago, IoT has come to define modern technology: digital, smart, connected. From watches to vehicles and from homes to entire cities, our world is becoming smarter and more connected by the day.

However, IoT’s promise of a more convenient, more efficient future comes with drawbacks. Smart devices don’t always live up to their name. While they are smart at doing what they were designed to do, most are lacking when it comes to peripheral areas — security in particular.

In recent years, the IoT ecosystem has become a hot target for bad actors, affecting everyone from consumers to critical infrastructure. The healthcare sector in particular has become a lucrative target, not only because it’s one of the most IoT-centric industries, but also because it handles the most sensitive data: personally identifiable information and health data. Protecting medical IoT gear is tough, because embedded devices don’t support individual security agents. So how, then, can we protect medical IoT products?

Lack of security puts lives at risk

Frost & Sullivan estimated IoMT devices will number between 20 and 30 billion by 2020, and will be used for anything from remote patient care to hospital operations to interoperability and data management.

These devices have embedded operating systems, which means they usually don’t allow third-party software into the OS or, even worse, can’t be patched. As IoMT devices proliferate beyond hospital grounds, connected medical equipment used in homes and even in human bodies has become vulnerable to attacks.

Medical IoT security incidents are on the rise, according to the 2018 HIMSS Cybersecurity Survey. A study by Netherlands-based Irdeto goes even further, showing how organizations in transportation, manufacturing and healthcare have suffered substantial losses due to IoT-related incidents. According to the report, such incidents cost on average more than $330,000. Of the 700 enterprises surveyed across China, Germany, Japan, UK and the U.S., 80% admitted to suffering an IoT-related cyberattack in the past year. And almost half of respondents said they need additional expertise within the organization to address all aspects of cybersecurity. More worrying is the fact that 82% of organizations that manufacture IoT devices are themselves concerned that what they put on the market is not adequately secured against potential cyberattacks.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recently issued an urgent notice that researchers found a potentially deadly flaw in cardio defibrillators equipped with wireless functions.

Patient data is a hot commodity

The dangers don’t stop at the hardware level. IoMT devices frequently access healthcare networks, expanding the attack surface for criminals to steal electronic medical records and other patient data. Cybercriminals then use the data for monetizing because it is especially lucrative in fraud and extortion campaigns.

As IoMT devices continue to proliferate, and with it the potential for attacks and network breaches, healthcare organizations must be prepared to monitor and detect threats for thousands of endpoints. This means an additional challenge of ensuring the best security posture along with meeting stringent compliance measures.

Catching attackers in transit

The inability to install security reporting agents on individual IoT devices has brought to light a serious issue: Attacks are typically detected when it’s too late. This challenge has given birth to a new category of security mechanisms expressly designed for individual and networked IoT devices. These systems use network traffic analytics (NTA), a technology that lets IT admins detect anomalous network traffic behavior they would normally have missed without the need to install an agent.

The technology is well suited to healthcare environments where IT staff is limited and the specialized skill set of a cybersecurity analyst may not be among the ranks.

The value of NTA is two-fold. First, it identifies and reports what looks like anomalous network traffic without any agents installed by non-intrusively taking a copy of the network traffic for analysis. Second, it focuses on the network traffic metadata without the need for deep packet inspection, thus providing insights into all traffic — regardless if it’s encrypted or not. This also means NTA meets the compliance requirements of GDPR, HIPAA and the like, allowing logs to be stored for future forensics analysis.

Perhaps most importantly, NTA automates the process of security incident triage to accelerate investigations and reduce the number of trivial alerts, addressing the ongoing issues associated with alert fatigue that so many IT personnel face. It uses machine learning models trained in complex scenarios to correlate thousands of events and report anomalous traffic with high accuracy. Additionally, NTA provides detailed explanations for the incident severity score and recommends remedial actions to speed up incident response.

Whether you’re a small medical practice or a state-level healthcare institution, an NTA-based security tool dramatically reduces the risk of exposure to your IT infrastructure, sensitive medical equipment, patient data and even patient lives from the increasingly sophisticated online threats.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.