According to a report from MarketResearch.com, millions of new Internet of Medical Things (IoMT) devices will be added to health systems, and the market segment is poised to hit $117 billion by 2020. Medical device manufacturers have traditionally focused on patient safety and time to market rather than security. Long FDA approval cycles mean that approved devices are often running outdated operating system versions with known vulnerabilities and limited or no patching ability. This lack of adequate security in IoT and IoMT is why Gartner is predicting that by 2020, 25% of all enterprise breaches will involve IoT. Securing IoMT requires close collaboration between biomedical and IT teams and a plan to address three core areas of IoMT security – physical, connection and data. This session will focus on practical steps to improving IoMT security without expensive infrastructure upgrades or wholesale legacy medical device replacements.
INTERNET OF MEDICAL THINGS (IoMT): $163B BY 2020, 38% CAGR
• 10-15 Devices per Bed
• ~50% Networked
Source: Markets and Markets, Oct 2015
A Glimpse into the Numbers
• 72% of malicious traffic targeted at healthcare providers
• 40% YoY increase in healthcare cyber attacks
• 81% of healthcare providers have revealed one or more systems have been compromised
HEALTHCARE CONTINUES TO BE THE TOP TARGET FOR CRIMINALS
Source: KPMG 2015 Healthcare Survey
RESEARCHERS HAVE BEEN HIGHLIGHTING IoMT VULNERABILITIES
MRI Device Hacked to Access Patient Information
Researcher “was able to hack into the hospital's network with ease – and permission – after finding vulnerable medical devices listed on Shodan.” - International Business Times, Feb 15 2006
Infusion Pump Hacked to Administer Fatal Drug Dose
Security Professionals “showed how easy it is for hackers to take control of a hospital drug infusion pump by overwriting the device’s firmware with malicious software. The hack would allow someone to remotely administer a fatal drug dose to patients.”
Aug 12, 2015
REASONS FOR IoMT VULNERABILITIES
• 7-8 year device development life cycle
• Devices built for patient safety, not security
• Use of outdated OS with known vulnerabilities
• Limited or no patching capability
• No support for 3rd party security agent
• Until recently, limited regulatory focus on security
• Unencrypted communication
Attackers are infecting medical devices with malware and then moving laterally through
hospital networks to steal confidential data, according to TrapX’s MEDJACK report. (2015)
2016 HIMSS Cybersecurity Survey: Greatest Areas of Vulnerabilities
Top 5 Greatest Areas of Vulnerabilities (1-7 on a Likert-type scale)
1. E-mail (5.00 acute, 5.30 non-acute)
2. Mobile devices (4.81 acute, 4.72 non-acute)
3. Internet of Things (4.79 acute, 3.56 non-acute)
4. Other End User Devices (4.42 acute, 4.30 non-acute)
5. Network (4.17 acute, 4.07 non-acute)
2016 HIMSS Cybersecurity Survey: Information Security Tools
Low Rates of Implementation:
1. Network monitoring tools (54.6% acute, 45.2% non-acute)
2. Mobile device management (56.3% acute, 35.5% non-acute)
3. Intrusion detection system (57.1% acute, 41.9% non-acute)
4. Intrusion prevention system (49.6% acute, 41.9% non-acute)
5. Data loss prevention (38.7% acute, 25.8% non-acute)
IoMT SECURITY FRAMEWORK: IDENTIFY SCOPE
#1 Inventory of Authorized and Unauthorized Devices
• Inventory type, usage and location of each medical device
• Determine known vulnerabilities in each device type (OS, patching, default settings, etc.)
• Score device risk based on type, use, location and data transmitted
IoMT SECURITY FRAMEWORK: IDENTIFY GAPS & UPDATE PROCESSES
• Procurement: Collaboration between IT & Biomedical
• Add security assessment as a key criterion
• Deployment: Segmenting devices based on risk
• Monitoring: Process for continuous monitoring and assessment
• Migration Plan: Process for replacing high-risk devices
According to SANS Institute, 50%+ of incident response takes over 3 hours per endpoint. - 2016 Endpoint Security Report
GREAT BAY SOFTWARE: COMPANY SNAPSHOT
• 10+ Years Experience Securing Enterprises
• $1B+ Investment Fund Backed
• 100% Implementation Success Rate
• 20MM+ Devices Secured
• 200+ Customer Installations
• Beacon Product Suite: 5th Generation
• Subscription Pricing Model
• Experienced Management Team
ENHANCED SECURITY, MANAGEMENT & OPERATIONS
IoT and Biomedical Device Warehouse of Context
Data sources:
• Active Directory & RADIUS Accounting
• DNS & DHCP
• SNMP Traps & Polls, IP Helper
• Wireless Controllers
• NetFlow / JFlow
• Port Mirroring / SPAN
• Integrations: MDM, NAC, etc.
Security, Operations, Management: MDM, EPP/EDR, NAC, ATD, Asset Management, Security Ops
IoT Gateway
• Ingests and Correlates Hundreds of Endpoint Attributes from Dozens of Data Sources
• Industry’s Most Accurate Artificial Intelligence Expert System-Based Profiling Engine
• Leverages 1,400+ Pre-Built Device Profiles
UNIQUE ARTIFICIAL INTELLIGENCE EXPERT SYSTEM-BASED BEHAVIOR MONITORING
Detects and Flags Unusual Changes in Identity, Location and Behavior
• Location: New York, San Francisco
• Behavior: 9100, 515, 80, 443; FTP (21), SSH (22), Telnet (23)
• Only Vendor with Device (not User) Centric Behavior Monitoring
• Prepares you for Estimated 25% of Breaches Expected to Involve IoT/Unmanaged Devices by 2020
Detect:
• Network Intrusion
• MAC Spoofing
• Rogue AP
• Rogue Device
• Vulnerable Devices
• Unauthorized Access
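The device-centric monitoring idea on this slide, as an added example that is not part of the original deck or the vendor's product: each device is compared against its own baseline for identity, location and behavior. The profile names, MAC addresses and observation records are constructed, and treating 9100, 515, 80, 443 as a printer's expected ports is an assumption drawn from the slide's port list.

```python
from collections import defaultdict

# Hypothetical profile baseline (assumption): ports a network printer is
# expected to use, taken from the slide's list 9100, 515, 80, 443.
PROFILE_PORTS = {"network-printer": {9100, 515, 80, 443}}

# Constructed observations: (mac, profiled identity, site, port in use)
OBSERVATIONS = [
    ("02:00:00:00:00:01", "network-printer", "New York", 9100),
    ("02:00:00:00:00:01", "network-printer", "New York", 443),
    ("02:00:00:00:00:02", "network-printer", "New York", 515),
    ("02:00:00:00:00:02", "network-printer", "New York", 23),   # Telnet
    ("02:00:00:00:00:03", "network-printer", "New York", 80),
    ("02:00:00:00:00:03", "network-printer", "San Francisco", 80),
    ("02:00:00:00:00:04", "network-printer", "San Francisco", 9100),
    ("02:00:00:00:00:04", "linux-workstation", "San Francisco", 22),
]

def find_anomalies(observations, profile_ports=PROFILE_PORTS):
    """Return {mac: sorted findings} for devices whose identity, location
    or behavior differs from the baseline set by their first observation."""
    first_seen = {}               # mac -> (identity, site) baseline
    findings = defaultdict(set)
    for mac, identity, site, port in observations:
        base_identity, base_site = first_seen.setdefault(mac, (identity, site))
        if identity != base_identity:
            # Same MAC now fingerprints as another device type (possible MAC spoofing)
            findings[mac].add(f"identity: {base_identity} -> {identity}")
        if site != base_site:
            # Same MAC seen at a second site
            findings[mac].add(f"location: {base_site} -> {site}")
        allowed = profile_ports.get(base_identity)
        if allowed is not None and port not in allowed:
            # Port outside what the baseline profile is expected to use
            findings[mac].add(f"behavior: unexpected port {port}")
    return {mac: sorted(items) for mac, items in findings.items()}

if __name__ == "__main__":
    for mac, items in find_anomalies(OBSERVATIONS).items():
        print(mac, items)
```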
CASE STUDY
Problem: Securing Medical and Unmanageable Devices
Solution: Beacon Endpoint Profiler
• Real-time identification of 100% of the medical and unmanaged devices
• Automatically on-boards the device by establishing profile-based trust
• Accelerate incident response by pinpointing the exact real-time location of the device
Result:
• 7,600 endpoints authenticated (100% of medical and unmanaged devices)
• Savings of 2 FTEs
• Real time device visibility and behavior monitoring
• Regulatory Compliance (HIPAA, PCI)
Bio Medical Devices and IoT
Market expected to be $163 Billion by 2020
Marketresearch.com
Expected to save Patients, Providers, and Payers Billions of Dollars in Asthma Alone
Goldman Sachs
Roughly 15 Devices per bed
FDA Mandates devices are connected to the network
Bad guys practicing on their own purchased models
Networks increasing in size and creating larger attack surface
APT-Nation State
Types of Cyber Criminals
• Script Kiddies: The most basic and least skilled attackers
• Hacktivists: Politically motivated
• Cyber Criminals: Stereotypical attacker looking to make money
• Nation State Attackers: Sponsored groups that launch extensive cyberwarfare
The Numbers
72% of malicious traffic targeted Healthcare Providers
Healthcare Cyber Attacks increase 40% YoY
KPMG 2015 Healthcare Survey states 81% of people revealed one or more of their systems was compromised within the last year
Data vulnerable from Bio-Medical Devices
• Images: X-Ray, CT, MRI, Ultrasound
• Waveforms: ECG, BP, EEG
• Demographic Information
• Vital Signs: Heart Rate, BP, Pulse OX, Respiration, Temperature
• Alarm Parameters
• Drug Type & Dosage
• Control and Configuration Settings: Infusion Rates, Therapy Timers, Anesthesia, Radiation Delivery Settings
• Laboratory Results
• Sounds from blood flow and respiration
Insecure Medical Devices
EoL Operating Systems
Devices have a 7-8 year life cycle
OS & Software are baked in years prior to release
Unsecure Bluetooth or Wi-Fi Connections
Who purchases
Typically 15 per bed