- Big Data
- Case Studies
- IT Infra
- Digital Transformation
- Digital India
- Software Defined
- AI / ML / BOTS
- BPO/BPM/IT Services
- Enterprise Applications
Rise of IoMT has Increased Number of Vulnerabilities: Fortinet
Healthcare IT security teams in India must be prepared to face possible cyber-attacks on connected medical devices
Cyber-attacks in the healthcare industry are on the rise as medical data is far more valuable than credit card fraud or other online scams. Medical information contains everything -- from a patient’s medical history to medical prescriptions. Hackers are able to access this data via network-connected medical devices as a result of Internet of Medical Things (IoMT).
The IoMT is a collection of medical devices and applications that connect to the healthcare IT systems through the online computer networks. These include medical devices equipped with Wi-Fi that allow machine-to-machine communication.
The rise of the IoMT, while opening doors to improved processes and patient care, has resulted in an increased number of vulnerabilities. Healthcare IT security teams in India must be prepared to face possible cyber-attacks on connected medical devices in healthcare facilities, as well as home health devices. These devices have not been designed with security as a top-of-mind concern since developers are primarily focused on functionality and ease of use.
Rajesh Maurya, Regional VP, India & SAARC, Fortinet, talks to BW CIO about the need for the healthcare industry in India to prepare for IoMT, as well as cyber threats, and the action needed for the same. Excerpts:
BW CIO: What is the need for the healthcare industry in India to prepare for Internet of Medical Things (IoMT) and cyber-threats?
Rajesh Maurya: There are many new wearable and connected medical devices in the healthcare market today that make it easier to provide patient-centric care. However, many of these devices were not designed with security in mind, and often lack even basic security functions, thus making patients susceptible to cyberattacks.
This presents a huge challenge to healthcare IT leaders as they have to ensure that these devices are all patched, or even worse, activate and manage a device recall, if vulnerability is discovered. If one insecure, infected device connects to the network, it can result in the entire network being compromised.
BW CIO: What is the biggest loophole in the current healthcare sector in the country?
Rajesh Maurya: The massive influx of connected devices into the healthcare industry has expanded the surface area for possible cyber-attacks. Many healthcare institutions lack adequate security capabilities. The combination of these two factors equates to an “easy win” in the eyes of cybercriminals.
The biggest challenge for leading healthcare providers is around these new attack surfaces. It’s not just the existing challenge of protecting healthcare records. That’s obviously still a primary issue due to the value of patient data and its inability to be easily erased or changed. As we move into 2018, healthcare organizations need to protect critical, connected networks, like those within the ICU.
Data monitors, insulin and other medicinal pumps, and pacemakers, all run on these networks. In these cases, the endpoint becomes the human life, not a PC. When it comes to protecting that endpoint, healthcare providers are faced with an extremely tough challenge because security is always seen as an inhibitor.
BW CIO: Can you shed some light on the implementation of the internal segmentation firewall (ISFWs) and the advantages?
Rajesh Maurya: Today’s solution involves looking at network security as an ecosystem. Perimeter-based protection alone is no longer sufficient, since threats can now come internally, or, from the proliferation of connected medical devices that access the network from within a traditional firewall.
The Internal Segmentation Firewalls (ISFWs) complement next-generation firewalls (NGFWs), since they provide protection against internal threats where NGFWs focus on external access points. Should an attacker get past perimeter defenses (through a successful phishing attack, for example) or conduct a direct attack on an internal endpoint (such as a connected medical device or a physician’s tablet), ISFWs provide important control and visibility before patient data can make it to the exit door.
They do this by conducting rapid inspection of internal network traffic, which enables administrators to detect attacks much more quickly than if they waited for the attempted exfiltration of data. Contemporary ISFWs provide the high throughput and flexibility needed to maintain network speed and avoid compromising the user experience. Hence, their installation is essentially invisible to clinical and internal stakeholders.
This approach is especially important given the widespread adoption of distributed devices. While these tools provide excellent functionality and aid patient treatment, they also introduce new vulnerabilities because the devices themselves aren’t necessarily under the control of the healthcare provider organization. Creating a “virtual fence” around valuable health IT assets via ISFWs is an effective way to catch pernicious activity before attackers can steal sensitive data or compromise patient care systems.
BW CIO: “Healthcare is the most vulnerable to cyber attacks.” Your thoughts on this statement.
Rajesh Maurya: With so many connected pieces of medical equipment and different types of software being run, it’s a challenge for healthcare organizations to successfully defend against attacks. Inadequate budgets and a lack of skilled security personnel, combined with the hurdles presented by a variety of security needs, are all holding healthcare institutions back, and cybercriminals are aware of their struggles.
The industry’s vulnerability makes it an easy target for criminals, as a result. An attacker targeting a healthcare organization often has the luxury of gathering a little bit of information from one system, and then moving on to their next target without being detected. The number of vulnerable systems in an existing healthcare network makes it simple for them to collect a bunch of small wins over time that can equate to a big win overall.
Ransomware attacks can be targeted as a means for quick financial wins. Healthcare institutions are often pressured into paying the sums of money being asked as prolonged downtime can be damaging to reputation, and more importantly, patient safety.
BW CIO: How can the healthcare industry develop in the country if the step is taken to prepare for IoMT?
Rajesh Maurya: According to Allied Market Research, the global Internet of Things (IoT) healthcare market is expected to reach US$136.8 billion by 2021, registering a CAGR of 12.5 percent between 2015 and 2021, driven by the easy availability of wearable smart devices and decreasing cost of sensor technology.
The use of MIoT devices in healthcare network has become essential both to the patient and care providers. Fortinet offers the following strategies for healthcare organizations to prepare against imminent IoMT cyber-threats:
Maintain good network hygiene
Ensure security posture is up-to-date with prevention and detection measures as well as develop and maintain good network hygiene, which includes systematic patching and updating of vulnerable systems, and replacing outdated technologies that are no longer supported.
Implement internal segmentation Firewall (ISFW)
CSIOs in healthcare organizations need to implement internal segmentation firewalls (ISFWs) as the landscape of networks is wide open and flat. ISFWs operate inside the network instead of at the edge, allowing healthcare organizations to intelligently segment networks between patients, administrators, healthcare professionals and guests.
ISFW can also identify types of devices – for example, between a patient information system and a life-saving heart monitor or infusion pump. It can then prioritize interconnected medical devices that need the highest degrees of protection and monitoring, and inspect and monitor all traffic moving between segments, all without impacting performance.
Establish a dedicated team
A dedicated team should be put in place to uncover the latest threat intelligence so that real-time threat and mitigation updates can be made expeditiously, before cybercriminals take advantage of any weaknesses in connected IoT devices or the critical services they provide.
BW CIO: What are the biggest challenges faced while addressing cyber threats?
Rajesh Maurya: Healthcare institutions are dealing with threats that will only become more complex in the future. Mobility threats have emerged as a direct result of the newfound reliance on laptops, tablets, and other handheld devices that connect administrators and care providers to healthcare networks.
Outside threats, like those that attempt to extract sensitive information from employees or medical professionals via social media or e-mail have also complicated security.
Most recently, we have seen an alarming rise in ransomware attacks targeted at healthcare institutions. Since lives actually depend on healthcare networks being online and available, many healthcare organizations have felt compelled to pay ransoms when their networks and data have been frozen. As can be expected, this has simply served to redouble the efforts of cybercriminals to exploit this opportunity.
Going forward, all of these attack vectors are expected to grow in complexity and frequency as the healthcare industry becomes more invested in advanced technology. In order to keep pace with the growing threat landscape, CIOs will need to increasingly rely on security partners and a network of alliances.
BW CIO: What does Fortinet do differently to ensure they are one step ahead when compared to their competitors?
Rajesh Maurya: Fortinet has been listed in the inaugural Fortune Future 50 list, a new ranking of elite companies best positioned for breakout growth. From the beginning, Fortinet saw security was an important part of the network, and we set our focus on long-term investments and innovation.
Years of development focused around five key stages of security development - detection, prevention, integration, performance, and value – have positioned us to provide the comprehensive strategies and technology necessary for protecting the connected digital world we are building together.
Fortinet is built around a culture of cutting-edge innovation, with more than 400 current technology patents with another 300 pending – more than any other network security vendor in the industry. We have also issued 85,000 network security certifications through our Network Security Expert Program.
We also collaborate with global universities across 66 countries to ensure that the right curriculum, resources, and training are in place to develop the next generation of security professionals, partner with international organizations such as NATO and Interpol, and are committed to increasing global intelligence sharing as a founder of the Cyber Threat Alliance.
BW CIO: What are your views on artificial intelligence and the future you envision with this development?
Rajesh Maurya: Today, we are still connecting the dots, sharing data and applying that data to systems. Humans are making these complex decisions, which require intelligent correlation through human intelligence. In the future, a mature AI system could be capable of making complex decisions on its own.
What is not attainable is full automation; that is, passing 100 percent of control to the machines to make all decisions at any time. Humans and machines must work together. The next generation of situation-aware malware will use AI to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.
One of the biggest challenges of using AI and machine learning lies in the calibre of intelligence. Cyber threat intelligence today is highly prone to false positives due to the volatile nature of the IoT. Threats can change within seconds; a machine can be clean one second, infected the next and back to clean again full cycle in very low latency.
Enhancing the quality of threat intelligence is critically important as IT teams pass more control to artificial intelligence to do the work that humans otherwise would do. This is a trust exercise, and therein lies in that unique challenge. We, as an industry, cannot pass full control to machine automation. We need to balance the operational control with critical exercise that can escalate up to humans. This working relationship will truly make AI and machine learning applications for cybersecurity defense more effective.
-- Nivedhana U. Prabhu