IoMT devices have unique vulnerabilities. Some are using outdated operating systems with known vulnerabilities. Up to 83% of imaging devices, such as MRI and mammography machines, run unsupported operating systems, making them vulnerable to attack.
Firmware also plays a role. A recent report from Forescout identified vulnerabilities in IoT firmware, known as NAME:WRECK, which could allow an attacker to take a device offline or take control of it remotely.
Although widely used, IoMT devices are difficult to secure for a number of reasons. For the IT team, they can represent a blind spot: how many devices are there? Where are they? What are they doing? What do normal communications look like? Since many use wireless communication protocols such as Wi-Fi, Bluetooth, or Zigbee, these devices may exist outside the scope of traditional network security management tools.
Patching can be difficult. Many IoMT devices depend on the manufacturer to implement patches, or require extreme manual effort if they use embedded real-time operating systems. And, of course, many devices simply cannot be removed from service for patching. Patching activities should be planned to avoid increasing the risk to the patient.
5 steps to IoMT device security
Securing IoMT devices requires some traditional steps and others specific to the healthcare industry and its devices. Considering the unique aspects of IoMT devices, here are five recommendations to protect them:
- Take an inventory of devices operating on the network. IT teams need to know where they are, what operating systems they are running, and the state of their network. Medical device discovery tools can take an inventory and perform a security assessment, finding devices potentially vulnerable to cybersecurity attacks. The inventory should include the hardware, software, and firmware levels, as well as the patch management process for each, noting which ones are highly vulnerable. Include IoMT devices in regular penetration tests.
- Strengthen device passwords. Too often, healthcare organizations bring IoMT devices online without changing default usernames and passwords, with deadly consequences. The Mirai botnet launched the largest distributed denial of service attack ever, simply by logging into IoT devices through default passwords. Healthcare IT teams should require strong passwords or passphrases and consider using two-factor authentication for the most critical devices. Organizations should allow devices to see and access only what they need to do their jobs.
- Apply segmentation controls and increased network hygiene. This involves placing parts of the network in different zones or subnets, each of which may have security policies tailored to the devices and their users. For example, to mitigate NAME:WRECK, security experts recommend limiting the network exposure of critical vulnerable devices by segmenting them from other areas of the network. Some organizations completely segment their IoT networks from their IT networks.
- Stay current with known and released fixes, especially for highly vulnerable devices. Organizations should prioritize and plan for patching to maximize the effect while reducing the impact. When unable to patch, organizations need to isolate devices from the network. Check for insecure or outdated software and firmware. If updates are available, make sure the remediation processes are secure.
- Actively monitor network traffic for malicious packets. Monitoring should look for packets that attempt to exploit the vulnerabilities as well as those that could affect DNS and other network services. Intrusion detection / prevention systems can play a role here, as can anti-malware systems and firewalls. Whenever possible, use machine learning-based systems to establish a baseline of normal behavior and stop abnormal behavior that could indicate an attack.
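As an illustration of the monitoring step for DNS traffic: NAME:WRECK concerns how device TCP/IP stacks parse DNS responses, including RFC 1035 name compression, so a monitor can flag responses whose encoded names are malformed before they reach a vulnerable device. The Python sketch below is an added example, not code from this article or from Forescout. The function names `check_name` and `check_response` and the sample packets are constructed for illustration, and the rule that a pointer must land before the data being read is a deliberately strict assumption.

```python
import struct

def check_name(msg, pos):
    """Walk one encoded name; return (problem or None, offset after the name)."""
    total, end, limit = 0, None, pos               # pointers must land before `limit`
    while pos < len(msg):
        length = msg[pos]
        if length & 0xC0 == 0xC0:                  # two high bits set: pointer
            if pos + 1 >= len(msg):
                return "truncated compression pointer", end
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            end = pos + 2 if end is None else end  # in-place name ends here
            if target >= limit:                    # forward, self or looping pointer
                return "compression pointer does not point to earlier data", end
            limit = pos = target
        elif length & 0xC0:
            return "reserved label type", end
        elif length == 0:                          # root label ends the name
            return None, (pos + 1 if end is None else end)
        else:
            total += length + 1
            if total + 1 > 255:                    # RFC 1035 name length limit
                return "name longer than 255 bytes", end
            pos += length + 1
    return "name runs past end of message", end

def check_response(msg):
    """Return [] for well-formed question/answer sections, else one problem."""
    if len(msg) < 12:
        return ["message shorter than DNS header"]
    qd, an = struct.unpack("!HH", msg[4:8])
    pos = 12
    for i in range(qd + an):
        problem, pos = check_name(msg, pos)
        if problem:
            return [problem]
        fixed = 4 if i < qd else 10                # QTYPE+QCLASS or TYPE..RDLENGTH
        if pos + fixed > len(msg):
            return ["record header truncated"]
        pos += fixed + (struct.unpack("!H", msg[pos + 8:pos + 10])[0] if i >= qd else 0)
        if pos > len(msg):
            return ["RDATA length exceeds message"]
    return []

# Constructed sample packets (not captured traffic): one question, one A answer.
HEAD = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
TAIL = struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
GOOD = HEAD + b"\xc0\x0c" + TAIL        # answer name points back to offset 12
LOOP = HEAD + b"\x01a\xc0\x1d" + TAIL   # pointer at 31 re-enters the name at 29
```

`check_response(GOOD)` returns an empty list, while `check_response(LOOP)` reports the pointer problem; only the question and answer sections are walked, so authority and additional records would need the same treatment.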
Stay on top of IoMT device security
IoMT devices are an attractive target. Medical records contain information that can be used for identity theft, making them more valuable to cybercriminals than other types of records. Indeed, the resale price of a health record is 50 times that of the closest type of record: stolen credit cards.
IoMT devices have become ubiquitous in healthcare organizations, with impressive results, but IT professionals must prioritize their security. Basic network hygiene can go a long way in reducing the risks involved, as can patching, isolating the network, and vigilant monitoring of network traffic. IoMT devices need not remain a security concern if organizations limit the risks today.