When Ordr recently alerted customers to a vulnerability in the Apache Log4j logging utility, Franciscan Alliance was able to identify which of its medical devices could have been impacted and segment them until a patch was released, Bhat says.
The health system also places a unified threat management firewall in front of the devices to protect them further. UTMs combine multiple security features into a single device on a network.
“We’ve locked those down in terms of preventing users or anybody else from connecting USB sticks or other portable media to those devices,” Bhat says.
Franciscan Alliance’s device ecosystem includes smart TVs, MRI machines, portable lab testing equipment and remotely monitored refrigerators for storing medication.
“My team spends a significant amount of time trying to understand what the organization is trying to bring in, what is the best way to secure those devices and also what the right network is for those devices,” Bhat says.
In addition to Ordr, Franciscan Alliance uses ServiceNow as its asset management system to maintain a rich data set of all resources on its network, Bhat says. The asset management system tells the health system which vendors support a particular device and identifies the device's purpose.
Going forward, Bhat says, he expects to see more investment by medical device manufacturers in patching devices.
“I think many healthcare organizations have struggled recently, because medical devices did not play nicely with traditional security products,” Bhat says. Medical vendors would ask for security scanning to be turned off, he adds.
But medical device integration is improving, he says. “That behavior is changing, and so we’re seeing much better partnership and change from the medical device community.”
Harris Health System Tracks the Footprint of Medical Devices
To maintain situational awareness of medical devices, Bellaire, Texas-based Harris Health System turned to an Internet of Medical Things monitoring solution that not only tracks devices but also neutralizes them if they are configured improperly. A simple vulnerability scan is insufficient, according to Jeffrey M. Vinson Sr., Harris Health’s senior vice president and chief cyber and information security officer.
“You just can’t monitor these devices without having an IoT or IoMT solution in place,” he says.
Tech tools provide Harris Health with information on which software versions are running and whether the devices have been recalled by the Food and Drug Administration, Vinson says. Segmentation is also a key strategy for Harris in dealing with potential threats to devices.
“That allows you to fingerprint these medical devices and also understand how those devices can be quarantined and cut off from the rest of the network if there was a ransomware outbreak,” Vinson says.
By examining the fingerprint of a device such as an infusion pump, security professionals can track what ports or protocols the device is operating on and whether bad actors are exploiting vulnerabilities, he says.
“If you don’t have the visibility into what’s communicating on your network, you don’t have that situational awareness,” Vinson says. He warns that the threat of a patient’s medical device being hacked is real as long as it has Wi-Fi and Bluetooth connectivity.
Vinson recommends studying the Manufacturer Disclosure Statement for Medical Device Security, which details the security features of devices. IT security should always come back to the main goal, which is protecting patients, he adds.
“We’re all about positive patient outcomes, and we need to have those positive interactions,” Vinson says. “We never want to have those devices that are used for life safety to be compromised in any shape or form.”