As healthcare providers use digital devices like diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Palo Alto Networks announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organisations to deploy and manage new connected tech quickly and securely.
Zero Trust is a strategic approach that secures a firm by eliminating implicit trust by continuously verifying every user and device. While Zero Trust is critical to help protect medical devices against innovative cyberthreats, it can be hard to implement in practice.
How is Medical IoT Security guarding against attacks?
Commenting on the solutions, Anand Oswal, Senior Vice President of Products, Network Security at Palo Alto Networks, said, “The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured
“For example, according to Unit 42, 75% of smart infusion pumps examined on the networks of healthcare firms had known security gaps. This makes security devices an attractive target for cyberattackers, exposing patient data and putting patients at risk.”
“There is no doubt that medical IoT devices have the ability to improve medical outcomes. But the decentralised deployment of IoT devices in hospitals and the complexity of hospital environments can make them difficult to secure, leaving our medical facilities vulnerable to a cyber attack,” says Alex Nehmy, Director of Industry 4.0 Strategy at Palo Alto Networks.
“There are so many hospitals that may not even know how many connected devices they have, let alone how secure they are. So, by giving hospitals visibility of their connected devices, with a purpose-built security solution to identify vulnerabilities across the ecosystem, we can protect patient data and ultimately people’s lives,” Alex Nehmy further commented.
Why is Palo Alto Networks’ solution a timely one?
“Maintaining acute situational awareness of the Internet of Medical Things environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect and respond to cyber threats is critical to ensuring minimal operational impact to operations during a cyber event,” said Tony Lakin, CISO, Moffitt Cancer Center.
“Palo Alto Networks IoT capability seamlessly integrates with our monitoring processes and threat-hunting operations. The platform provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio.”
“With thousands of devices to manage, healthcare environments are complex and require intelligent security solutions. Palo Alto Networks understands this need and is leveraging machine learning for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage,” said Bob Laliberte, Principal Analyst, ESG.
“Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical Internet-of-Things devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases,” commented Ed Lee, Research Director, IoT and Intelligent Edge Security at IDC.
“The ability to defend against threats while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is becoming a necessity for the protection of patient data and lives.”
What is the market offering of Medical IoT Security?
Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a simplified manner. Medical IoT Security also provides threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, like Advanced Threat Prevention and Advanced URL Filtering.
The Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable firms to:
- Create device rules with automated security responses: Easily create rules that monitor devices for behavioural anomalies and trigger appropriate responses. For example, if a medical device that only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted.
- Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Gen Firewalls or supported network enforcement tech. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices.
- Understand device vulnerabilities and risk posture: Access each medical device’s Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This helps identify the software libraries used on medical devices and associated vulnerabilities. Get insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorised external website communication.
- Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
- Verify network segmentation: Visualise the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorised systems.
- Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, help automate workflows.
Today, several Healthcare organisations are using Palo Alto Networks innovative products to secure the devices that deliver cutting-edge care to millions of patients all over the world.