Opinion Article: 5 Tips to Protect All Your Connected Medical Devices

Connected medical devices are a fundamental piece of improving patient care in modern healthcare organizations.

As more Internet of Medical Things (IoMT) and other connected equipment is installed in healthcare delivery organisations (HDOs) across Australia, patient care is improving and infrastructure is being modernised. Unfortunately, security has been, at best, an afterthought amid the rush to add more IoT devices and more accessible medical equipment to the network.

As a result, HDOs are targeted by cybercriminals while having minimal defences. This situation has made Australian HDOs the most targeted industry. During the first six months of 2023, the Office of the Australian Information Commissioner (OAIC) noted that the health sector accounted for 15 percent of all breaches reported under the Notifiable Data Breaches scheme. This makes HDOs the sector most commonly targeted by threat actors, closely followed by the financial sector with 13 percent of all notifications under the scheme.

To further complicate the problem, 81 percent of breached HDOs took more than 30 days to identify that a breach had occurred. That slow detection is compounded by slow reporting: 85 percent of breached HDOs took more than 30 days to notify the OAIC that a breach had taken place.

This is extremely problematic: Australian HDOs are the most targeted of all sectors, yet they take a long time to identify that there is a problem and a long time to notify the government about it.

With the average cost of a breach in Australia amounting to more than 4.2 million Australian dollars (2.7 million US dollars), according to IBM's Cost of a Data Breach report, HDOs cannot afford not to change the way they protect connected medical devices and infrastructure.

These few suggestions are the start of what HDOs could and should do to improve the security of their connected medical devices and equipment.

  • Integrate cybersecurity preparedness into regular operations.

Security preparedness should expand beyond the cybersecurity teams directly responsible for incident response and the deployment of controls in the information infrastructure. Health technology management (HTM) and IT teams should also be integrated into cybersecurity planning. HTM teams with security built into their workflows can ensure connected devices have the correct updates applied and validate any need for stronger protections.

  • Create a complete and accurate inventory of all accessible network-connected medical devices.

Devices connected to the network and discoverable over the Internet need to be found and their data consolidated into a centralized dashboard for visibility. A comprehensive map of connected medical devices allows cybersecurity and HTM teams to gain a better view of the HDO network architecture. This mapping can be achieved with a scanning solution that collects data from an external perspective, complemented by HTM teams that perform proactive maintenance on equipment an automated scan did not reveal. The final data should include the operating system used on the device, what data it collects, and who potentially has access to it. Collecting as many parameters as possible from each connected medical device provides greater visibility into the network architecture.

  • Perform a risk assessment on newly discovered devices.

With newly discovered connected medical devices, whether IoMT, OT or otherwise, integrated into a centralized dashboard for greater visibility, the next step is to understand what security vulnerabilities exist on each device and what risk they pose to the HDO. This can be done with a vulnerability scanning tool that runs across the network and checks for any known vulnerabilities flagged by the Australian Cyber Security Centre (ACSC). Many vulnerability scanning tools draw on the CVE database to identify software and hardware weaknesses. Once a vulnerability is identified, it must be determined whether an attacker can actually exploit it on that device in this organization and, if so, what priority the resulting risk deserves. The riskiest vulnerabilities should then be mitigated through specific actions or patches to improve overall HDO security.
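The inventory and risk-assessment tips above describe a pipeline: record each device's operating system, data and access, attach the known vulnerabilities a scanner reports, and then rank only those that are actually exploitable on that device. The following is an added example (not code from the article or from Asimily) showing one way to model that ranking. The devices, operating-system strings, services and vulnerability identifiers are constructed placeholders, not real products or real CVEs; the weighting factors (exposure, data sensitivity) are assumptions an HDO would tune to its own environment.

```python
from dataclasses import dataclass, field


@dataclass
class Vulnerability:
    vuln_id: str            # placeholder id, not a real CVE number
    cvss: float             # published base severity, 0.0-10.0
    affected_service: str   # service the flaw lives in (e.g. "telnet")


@dataclass
class Device:
    name: str
    os: str                       # operating system recorded in the inventory
    data_collected: str           # what the device captures
    access: list[str]             # who can reach the device
    internet_reachable: bool      # seen by the external scan
    enabled_services: set[str]    # services actually running on the device
    vulns: list[Vulnerability] = field(default_factory=list)


def exploitable(device: Device, vuln: Vulnerability) -> bool:
    """A published flaw only matters if the affected service is running here."""
    return vuln.affected_service in device.enabled_services


def risk_score(device: Device, vuln: Vulnerability) -> float:
    """Assumed weighting: CVSS, doubled if internet-reachable, x1.5 for patient data."""
    if not exploitable(device, vuln):
        return 0.0
    exposure = 2.0 if device.internet_reachable else 1.0
    sensitivity = 1.5 if "patient" in device.data_collected.lower() else 1.0
    return round(vuln.cvss * exposure * sensitivity, 2)


def prioritise(inventory: list[Device]) -> list[tuple[float, str, str]]:
    """Return (score, device, vuln_id) rows, highest risk first; non-exploitable flaws dropped."""
    rows = []
    for device in inventory:
        for vuln in device.vulns:
            score = risk_score(device, vuln)
            if score > 0:
                rows.append((score, device.name, vuln.vuln_id))
    return sorted(rows, reverse=True)


def sample_inventory() -> list[Device]:
    """Constructed sample inventory; every value here is a placeholder."""
    return [
        Device("infusion-pump-01", "VendorRTOS 4.x (placeholder)",
               "patient vitals and dosing", ["nursing", "biomed"],
               internet_reachable=True, enabled_services={"telnet", "http"},
               vulns=[Vulnerability("PLACEHOLDER-VULN-1", 9.8, "telnet"),
                      Vulnerability("PLACEHOLDER-VULN-2", 7.5, "ssh")]),   # ssh not enabled
        Device("imaging-ws-03", "Windows-based (placeholder)",
               "patient imaging", ["radiology"],
               internet_reachable=False, enabled_services={"smb", "http"},
               vulns=[Vulnerability("PLACEHOLDER-VULN-3", 8.8, "smb")]),
        Device("badge-reader-09", "Embedded Linux (placeholder)",
               "staff badge scans", ["facilities"],
               internet_reachable=True, enabled_services={"http"},
               vulns=[Vulnerability("PLACEHOLDER-VULN-4", 6.5, "http")]),
    ]


if __name__ == "__main__":
    for score, name, vuln_id in prioritise(sample_inventory()):
        print(f"{score:6.1f}  {name:18}  {vuln_id}")
```

Note that PLACEHOLDER-VULN-2 is dropped entirely: the scanner reports it because the firmware version matches, but the affected service is not enabled, so it is not exploitable on that device and should not consume patching effort ahead of the three that are.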

  • Implement effective monitoring and detection.

Anomalous traffic or behavior is often the first indicator of a cybersecurity incident. Armed with a baseline understanding of how connected medical devices normally behave, cybersecurity teams must implement policies to identify and respond to abnormal traffic or actions. These policies should take into account the specific details of how an HDO's network operates, so that traffic that could contain hidden threats stands out. Detection that draws on threat modeling, machine learning, and crowd-sourced intelligence will strengthen policies focused on proactive defense and improve response speed. IoT and OT devices must be considered in context to ensure the organization is fully protected.
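To make the baseline idea concrete, here is an added example (not code from the article or from Asimily) that learns each device's normal peers from a set of flow records and then flags flows that deviate from it. The flow records, device names and IP addresses are constructed for illustration; the alert rules (new peer or port, byte volume over three times the baseline maximum, unknown device) are assumptions a team would refine for its own network.

```python
from collections import defaultdict

# Constructed sample flow records: timestamp device dst_ip dst_port bytes
BASELINE_FLOWS = """\
2023-09-01T08:00:01 infusion-pump-01 10.10.5.20 443 1200
2023-09-01T08:05:01 infusion-pump-01 10.10.5.20 443 1350
2023-09-01T08:10:01 infusion-pump-01 10.10.5.20 443 1100
2023-09-01T08:02:11 imaging-ws-03 10.10.5.30 104 50000
2023-09-01T08:07:42 imaging-ws-03 10.10.5.30 104 48000
"""

# Constructed flows observed later, containing three deviations
NEW_FLOWS = """\
2023-09-02T08:00:03 infusion-pump-01 10.10.5.20 443 1250
2023-09-02T08:00:09 infusion-pump-01 198.51.100.7 4444 900
2023-09-02T08:03:15 imaging-ws-03 10.10.5.30 104 400000
2023-09-02T08:04:00 badge-reader-09 10.10.5.20 443 300
"""

VOLUME_FACTOR = 3  # assumed: alert when bytes exceed 3x the baseline maximum


def parse_flows(text: str) -> list[dict]:
    """Parse whitespace-separated flow records into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, dst, port, nbytes = line.split()
        flows.append({"ts": ts, "device": device, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def build_baseline(flows: list[dict]) -> dict:
    """Per device: the set of (dst, port) peers seen and the largest flow size."""
    baseline = defaultdict(lambda: {"peers": set(), "max_bytes": 0})
    for f in flows:
        entry = baseline[f["device"]]
        entry["peers"].add((f["dst"], f["port"]))
        entry["max_bytes"] = max(entry["max_bytes"], f["bytes"])
    return dict(baseline)


def detect(baseline: dict, flows: list[dict]) -> list[tuple[str, str]]:
    """Return (device, reason) alerts for flows that deviate from the baseline."""
    alerts = []
    for f in flows:
        entry = baseline.get(f["device"])
        if entry is None:
            alerts.append((f["device"], "device not in inventory baseline"))
            continue
        if (f["dst"], f["port"]) not in entry["peers"]:
            alerts.append((f["device"], f"new peer {f['dst']}:{f['port']}"))
        elif f["bytes"] > VOLUME_FACTOR * entry["max_bytes"]:
            alerts.append((f["device"], f"volume {f['bytes']} bytes exceeds baseline"))
    return alerts


def run_sample() -> list[tuple[str, str]]:
    """Build the baseline from the constructed history and check the new flows."""
    return detect(build_baseline(parse_flows(BASELINE_FLOWS)), parse_flows(NEW_FLOWS))


if __name__ == "__main__":
    for device, reason in run_sample():
        print(f"ALERT {device}: {reason}")
```

The context point in the paragraph is visible in the rules: an infusion pump opening a connection to a new external address is treated differently from an imaging workstation sending an unusually large study to its usual archive, and a device with no baseline at all is itself a finding, since it means the inventory is incomplete.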

  • Enable robust threat investigation tools and procedures.

Understanding the correct context of medical devices and closing security holes is of little use if investigation procedures are not in place for when an attack succeeds. Security teams must be equipped with complete visibility into how their connected medical devices communicate with each other and the ability to track emerging attacks across those communication paths. Regular captures of network packet data can provide this visibility, and the findings should also be shared with clinical teams in case there is any impact on patient care.

Connected medical equipment, whether IoMT, OT or otherwise, helps HDOs deliver better patient care and, ultimately, better health outcomes. Protecting these critical medical devices doesn't have to be complicated, but it does require some investment in new processes, new technologies, and new procedures. These five tips, which include creating an accurate inventory, mitigating the most critical vulnerabilities, and enabling robust threat investigation, enable cybersecurity teams to make their HDO more secure and safeguard the long-term health of the community.


Shankar Somasundaram is the Founder and CEO of Asimily.
