How to secure the IoMT?

February 10, 2022

Post

The IoMT security is of extreme relevance when it comes to the Healthcare and life sciences industry.

According to HealthITSecurity, 34% of healthcare organizations globally reported being hit by IoT ransomware through November 2020, and the sector has seen a 45% increase since then. Also, according to the IoT Security Report 2021, 71% of IT decision-makers in the survey consider the IoT “not very secure”. In these circumstances is relevant to say that for small vulnerabilities there are big consequences. A single exposure in an IoT device can have far-reaching consequences: Attackers can exploit the flaw to access the company’s system from where they can temporarily or permanently shut down the entire network. However, cybercriminals frequently seek to collect ransom money with this, as was the case at the University Hospital in Düsseldorf in the fall of 2020.

For avoiding such increasing attacks on your business, you can take into consideration the following factors to secure the IoMT:

First, you need a wholly profiled, dynamically risk-scored inventory of all managed and uncontrolled endpoints. Clearly, visibility entails tracking each device’s security posture, network status, location, and device consumption. On a per-asset basis, this may imply as many as 100 unique and generic identities, supplemented by photos, maps, Manufacturer Disclosure Statements for Medical Device Security (MDS2s), and other specialized descriptions. Because detecting unlawful asset activity requires extensive knowledge of allowed behavior, each device type’s operational needs and processes must be factored into profile information. This is what comprehensive visibility entails.

To know more about the cybersecurity of medical devices, go visit IoMT and Medical Device Cybersecurity. 

Afterward, make the relevant cuts of the right data instantly available to the suitable systems and workflows is referred to as data orchestration. There needs to be this orchestrated visibility to make the underlying processes continuous. This way, departments can share the same information referenced by cross-functional workflows, and the outcomes can be synchronized.

 The next step is considering endpoint detection and response (EDR). Connected health demands security policies that adapt to care delivery, regardless of location, rather than the other way around. Security must facilitate rather than limit. CrowdStrike has spent the previous decade building EDR capabilities by providing network visibility and telemetry from all workloads. Combining this data with network and endpoint information enables users to determine which information is critical, when it is critical, and where it is vital. CrowdStrike’s 2021 Global Threat Report review of Common Vulnerabilities and Exposures (CVEs) (https://www.crowdstrike.com/resources/reports/global-threat-report-latam/) affecting IoT devices in the healthcare business identifies the following CVEs as the most serious: BlueKeep, DejaBlue, Netlogon.

Another factor for making sure you are securing your IoMT is data-in-transit encryption. The IoMT sends electronic protected health information (ePHI) to a linked application. A linked insulin pump, for example, sends data to the app, allowing the patient and clinician to keep track of glucose levels. The application, however, is connected to the public internet.

At the network level, data-in-transit encryption decreases the effect of eavesdropping and man-in-the-middle attacks. Without the necessary decryption technology, encryption scrambles data, rendering it unintelligible. Even if bad actors gained access to the network, they would not be able to access the data. 

By addressing these long-standing data gaps and incorporating capabilities that directly deal with the realities of current threats, the performance of existing infrastructure may be greatly enhanced. However, to the IoMT extent, there are several areas of risk regarding security; therefore, health delivery organizations must find ways to control damage and rationalize recovery costs. 

About ITJ

ITJ is a trusted partner in building the finest software engineering teams in the Americas. For more information, visit www.itj.com.