IoMT devices have unique vulnerabilities. Some use outdated operating systems with known vulnerabilities. As many as 83 percent of imaging devices, such as MRI and mammography machines, run unsupported operating systems, leaving them open to attack.
Firmware also plays a role. A recent report by Forescout identified a set of vulnerabilities in IoT firmware, collectively called NAME:WRECK, which could allow an attacker to take a device offline or gain control over it remotely.
Though they’re widely used, IoMT devices are difficult to secure for a number of reasons. For the IT team, they may represent a blind spot: How many devices are there? Where are they? What do they do? What do normal communications look like? Because many use wireless communication protocols such as Wi-Fi, Bluetooth or Zigbee, these devices may exist outside the scope of traditional network security management tools.
Patching can be challenging. Many IoMT devices rely on the manufacturer to implement patches or require extreme manual effort if they use embedded real-time operating systems. And, of course, many devices simply can’t be taken down for patching. Activities must be planned to avoid increasing patient risk.
5 Steps Toward IoMT Device Security
Securing IoMT devices calls for some traditional steps and others that are specific to the healthcare industry and its devices. Taking into consideration the unique aspects of IoMT devices, here are five recommendations for safeguarding them:
- Take an inventory of devices running on the network. IT teams should know where they are, the operating systems they are running and their network statuses. Medical device discovery tools can take an inventory and perform a security assessment, finding devices that are potentially vulnerable to cybersecurity attacks. Inventory should include the hardware, software and firmware levels, and the patch management process for each, noting those that are highly vulnerable. Include IoMT devices in regular penetration testing.
- Strengthen device passwords. All too often, healthcare organizations bring IoMT devices online without changing factory-default usernames and passwords, with deadly consequences. The Mirai botnet launched the biggest distributed denial of service attack ever seen, simply by connecting to IoT devices via default passwords. Healthcare IT teams should require strong passwords or passphrases and consider using two-factor authentication for the most critical devices. Organizations should allow devices to see and access only what they need to do their jobs.
- Enforce segmentation controls and increased network hygiene. This involves putting parts of the network into different zones or subnetworks, each of which can have customized security policies based on the devices and their users. For example, to mitigate NAME:WRECK, security experts recommend limiting the network exposure of critical vulnerable devices by segmenting them from other areas of the network. Some organizations segment their IoT networks from their IT networks altogether.
- Stay on top of known and released patches, especially for highly vulnerable devices. Organizations should prioritize and schedule the application of patches to maximize the effect while reducing the impact. Where they can’t patch, organizations should isolate devices from the network. Check for nonsecure or outdated software and firmware. If updates are available, make sure the patching processes are secure.
- Actively monitor network traffic for malicious packets. Scans should look for those trying to exploit vulnerabilities as well as those that could affect DNS and other network services. Intrusion detection/prevention systems can play a role here, as can anti-malware systems and firewalls. Where possible, use machine learning–based systems to establish a baseline of normal behavior and stop anomalous behavior that could indicate an attack.
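As an added example that is not part of the original article, the following Python turns the inventory, credential, segmentation and patching steps above into a triage routine over a constructed device inventory; the device names, zones, vulnerability labels and the `ALLOWED_PEERS` policy are all assumptions.

```python
# Added example, not from the original article: triage a constructed IoMT
# inventory against the recommendations above. Device names, zones, the
# vulnerability labels and the ALLOWED_PEERS policy are all made up.
from dataclasses import dataclass, field


@dataclass
class Device:
    name: str
    zone: str                       # network segment the device sits in
    os_supported: bool              # vendor still supports the OS/firmware
    known_vulns: list = field(default_factory=list)
    patch_available: bool = False
    default_creds: bool = False     # still on factory-default login
    can_be_taken_down: bool = True  # clinical constraint on patch windows


# Which zones each segment may talk to (constructed policy); a zone missing
# here may only talk to itself.
ALLOWED_PEERS = {"iomt": {"iomt", "pacs"}, "pacs": {"pacs", "iomt"}}


def triage(dev: Device) -> list:
    """Ordered remediation actions for one device, per the steps above."""
    actions = []
    if dev.default_creds:
        actions.append("rotate factory-default credentials")
    if dev.known_vulns and dev.patch_available:
        actions.append("schedule patch" if dev.can_be_taken_down
                       else "plan patch window with clinical staff")
    if dev.known_vulns and not dev.patch_available:
        actions.append("isolate from network: no patch available")
    if not dev.os_supported:
        actions.append("unsupported OS: restrict segment exposure")
    return actions


def cross_zone_flows(inventory: list, flows: list) -> list:
    """Return observed (src, dst) flows that break the segmentation policy."""
    zone_of = {d.name: d.zone for d in inventory}
    bad = []
    for src, dst in flows:
        if src not in zone_of or dst not in zone_of:
            bad.append((src, dst))        # unknown device: an inventory gap
            continue
        peers = ALLOWED_PEERS.get(zone_of[src], {zone_of[src]})
        if zone_of[dst] not in peers:
            bad.append((src, dst))
    return bad
```

Feeding real discovery-tool output and flow logs into these two functions gives a first-pass list of which devices to isolate, patch or re-credential and which observed flows violate the intended segmentation.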
Stay on Top of IoMT Device Security
IoMT devices represent an attractive target. Medical records contain information that can be used for identity theft, making them more valuable to cybercriminals than other types of records. In fact, the resale price for a healthcare record is 50 times that of the next-closest record type: stolen credit cards.
IoMT devices have become ubiquitous in healthcare organizations, with impressive results, but IT professionals must prioritize their security. Basic network hygiene can go a long way toward reducing the risk they bring, as can patching, network isolation and vigilant monitoring of network traffic. IoMT devices no longer have to suffer from security issues if organizations rein in the risks today.