Written by Phil Howe, CTO, Core to Cloud
COVID-19 has accelerated the digital transformation of the healthcare industry and is helping healthcare organisations to adapt to the new reality and offer effective patient care. Now, virtual healthcare tools have been widely implemented to improve healthcare delivery and quality, reduce costs, increase care efficiency, and boost revenue. The Internet of Things (IoT) is just one technology that is helping to improve the quality of input information and analysis. Today a range of connected medical devices are being utilised across the healthcare industry, but these devices need to be protected to ensure patient safety.
The challenges around securing medical devices
However, this is easier said than done. Securing medical devices on clinical networks is not straightforward and is compounded by problems such as:
- security updates, patches and potentially virus signatures must be properly assessed by the supplier and confirmed as safe before they can be implemented on the medical device. This can take three months from the time that a security update is released.
- when security updates are released, they are retro-analysed by attackers, increasing the likelihood that exploitable vulnerabilities will become known.
- the absence of the latest security mitigations increases the impact of vulnerabilities, making exploitation more likely to succeed and detection of any exploitation more difficult.
Finding a clientless way to secure devices
NHS Trusts need to find a way to protect these devices while tackling the challenges outlined above. However, most devices can’t be scanned in real time, because if they are taken out of service this could impact patient care. Therefore, Trusts need a clientless way to secure devices and to provide an overview of vulnerabilities, as well as granular device information on aspects like utilisation and segmentation.
This is one of the reasons why we partnered with Cylera, a leading IoT healthcare cybersecurity provider. Cylera’s MedCommand platform is purpose-built to solve these technological and operational challenges. The platform delivers real-time visibility, inventory, operational intelligence, risk and vulnerability analysis, risk mitigation, segmentation, and threat detection and response.
Additionally, the platform’s capability is unified through a central management console to streamline operations and provide value across multiple sites and teams.
Creating a virtual digital twin
But what is really clever is that Cylera learns the behaviour of each medical device and creates a virtual digital twin. Then it leverages industry-standard and proprietary scanning technology to scan the digital twin, 24 x 7, and notify the Trust in real time of vulnerabilities and threats, anomalous behaviour as well as outdated firmware and so much more.
Likewise, Cylera’s Patented Adaptive Data Type Analysis automatically identifies Zero Day devices and Zero Day protocols. So, if a new, never-before-seen type of medical device speaking a new, unknown protocol is dropped onto the customer’s network, it will identify it and proactively notify the customer about the device and its physical location, reducing exposure to unknown risks from that device. And it automates the manual, labour-intensive task of creating policies, reducing time to mitigate risk and improving productivity, as well as providing deep medical device utilisation analytics that can be used to optimise patient scheduling.
Dartford and Gravesham NHS Trust
One great example of the platform in action is Dartford and Gravesham (DGT) NHS Trust, which, through Core to Cloud, chose Cylera to safeguard its medical device and IoT infrastructure. As one of the key hospital trusts in North Kent, DGT provides acute and outpatient services. DGT recognised the need to identify and secure its medical devices as a top priority. Other, more generalist solutions that were considered could scan networks and inventory devices, but only Cylera provided the ability to examine and quantify real-time risks to patient safety and clinical services, align with regulatory requirements, and optimise clinical workflows and devices, all in one simplified platform.
Why not join us?
If you are interested in finding out more, why not join our LinkedIn Live event: Securing what matters most: healthcare devices ensuring patient safety on 27th July at 4.00 pm BST and understand how you can better secure your connected environment.