According to a report from MarketResearch.com, millions of new Internet of Medical Things (IoMT) will be added to health systems and the market segment is poised to hit $117 billion by 2020. Medical device manufacturers have traditionally focused on patient safety and time to market rather than security. Long FDA approval cycles mean that approved devices are often running outdated operating systems versions with known vulnerabilities and limited or no patching ability. This lack of adequate security in IoT and IoMT is why Gartner is predicting that by 2020 25% of all enterprise breaches will involve IoT. Securing IoMT requires close collaboration between biomedical and IT teams and a plan to address three core areas of IoMT security – physical, connection and data. This session will focus on practical steps to improving IoMT security without expensive infrastructure upgrades or wholesale legacy medical device replacements.

1. SECURING INTERNET OF MEDICAL THINGS
Manish Rai
VP Marketing
December 2nd, 2016

2. 2
INTERNET OF MEDICAL THINGS (IoMT): $163B BY 2020, 38% CAGR
• 10-15 Device per Bed
• ~50% Networked
Source: Markets and Markets, Oct 2015

3. 3
A Glimpse into the Numbers
72%Malicious traffic targeted
at Healthcare Providers
40% YoY Increase in
Healthcare Cyber
Attacks
81% of healthcare providers have
revealed one or more systems have
been compromised
HEALTHCARE CONTINUES TO BE THE TOP TARGET FOR CRIMINALS
Source: KPMG 2015 Healthcare Survey

4. 4
MRI Device Hacked to Access Patient Information
Researcher “was able to hack into the hospital's network with ease – and permission
– after finding vulnerable medical devices listed on Shodan.”-International Business
Times, Feb 15 2006
RESEARCHES HAVE BEEN HIGHLIGHTING IoMT VULNERABILITIES
Infusion Pump Hacked to Administer Fatal Drug Dose
Security Professionals “showed how easy it is for hackers to take control of a hospital drug
infusion pump by overwriting the device’s firmware with malicious software. The hack would
allow someone to remotely administer a fatal drug dose to patients.”
Aug 12, 2015

5. 5
• 7-8 year device development life cycle
• Devices built for patient safely not security
• Use of outdated OS with known vulnerabilities
• Ltd or no patching capability
• No support for 3rd party security agent
• Till recently, limited regulatory focus on security
• Unencrypted communication
REASONS FOR IoMT VULNERABILITIES
Attackers are infecting medical devices with malware and then moving laterally through
hospital networks to steal confidential data, according to TrapX’s MEDJACK report. (2015)

6. 6
2016 HIMSS Cybersecurity Survey: Greatest Areas of Vulnerabilities
Top 5 Greatest Areas of Vulnerabilities (1-7 on a Likert-type scale)
1. E-mail (5.00 acute, 5.30 non-acute)
2. Mobile devices (4.81 acute, 4.72 non-acute)
3. Internet of Things (4.79 acute, 3.56 non-acute)
4. Other End User Devices (4.42 acute, 4.30 non-acute)
5. Network (4.17 acute, 4.07 non-acute)

7. 7
2016 HIMSS Cybersecurity Survey: Information Security Tools
Low Rates of Implementation:
1. Network monitoring tools (54.6% acute, 45.2% non-acute)
2. Mobile device management (56.3% acute, 35.5% non-acute)
3. Intrusion detection system (57.1% acute, 41.9% non-acute)
4. Intrusion prevention system (49.6% acute, 41.9% non-acute)
5. Data loss prevention (38.7% acute, 25.8% non-acute)

8. 8
Determine
Scope
• Inventory IoMT Device
• Determine Vulnerabilities
• Categorize Based on Risk
Identify Gaps
& Update
Processes
• Procurement
• Deployment
• Monitoring
• Migration Plan
IoMT SECURITY FRAMEWORK

9. 9
Inventory type, usage and location of each medical device
Determine know vulnerabilities in each device type (OS, patching, default settings, etc.)
Score Device Risk Based on type, use, location and data transmitted
!
!
!
IoMT SECURITY FRAMEWORK: IDENTIFY SCOPE
#1 Inventory of Authorized and
Unauthorized Devices

10. 10
• Procurement: Collaboration between IT & Biomedical
• Add security assessment as a key criterion
• Deployment: Segmenting devices based on risk
• Monitoring: Process continuous monitoring and assessment
• Migration Plan: Process of replacing high risk devices
IoMT SECURITY FRAMEWORK: IDENTIFY GAPS & UPDATE PROCESSES
According to SANS Institute, 50% + of
incident response takes over 3 hours
per endpoint.
- 2016 Endpoint Security Report

11. 11
GREAT BAY SOFTWARE: COMPANY SNAPSHOT
10+
$1B+
100%
20MM+
Years Experience Securing
Enterprises
Implementation Success Rate
Investment Fund Backed
Devices Secured
200+ Customer Installations
Beacon Product Suite
5th Generation
Subscription Pricing Model
Experienced Management Team

12. 12
ACT
SEE
GREAT BAY VISION
IoT /
Biomedical
Device
Connection
Security
Monitoring
• Identity
• Behavior
• Location
Onboarding
• Authenticate Device
• Onboard Automatically
• Segment
Enforcement
• Alert
• Quarantine
• Block
Visibility
• Real-time Discovery
• Comprehensive Profiling
• Every Network

13. 13
ENHANCED SECURITY, MANAGEMENT & OPERATIONS
IoT and
Biomedical Device
Warehouse of
Context
Active Directory &
Radius Accounting
DNS & DHCP
SNMP Traps &
Polls, IP Helper
Wireless
Controllers
NetFlow / JFlow
Port Mirroring /
SPAN
Integrations:
MDM, NAC, etc.
Security
Operations
Management
MDM
EPP/EDR
NAC ATD
Asset
Management
Security Ops
Ingests and Correlate Hundreds of
Endpoint Attributes from Dozens
of Data Sources Industry’s Most Accurate Artificial Intelligence Expert System-
Based Profiling Engine Leverages 1,400+ Pre-Built Device Profile
IoT Gateway

14. 14
UNIQUE ARTIFICIAL INTELLIGENCE EXPERT SYSTEM-BASED BEHAVIOR MONITORING
BehaviorIdentity Location
New York
San Francisco
9100, 515, 80, 443
FTP (21) SSH (22), Telnet (23)
Only Vendor with Device (not User)
Centric Behavior Monitoring
Prepares you for Estimated 25% of
Breached Expected to Involve
IoT/Unmanaged Devices by 2020
Detects and Flags Unusual Changes in Identity, Location and Behavior
 Network Intrusion
 MAC Spoofing
 Rouge AP
 Rouge Device
 Vulnerable Devices
 Unauthorized Access
Detect

15. 15
Problem:
Solution:
Result:
Securing Medical and Unmanageable Devices
Beacon Endpoint Profiler
• Real-time identification of 100% of the medical and unmanaged devices
• Automatically on-boards the device by establishing profile-based trust
• Accelerate incident response by pinpointing the exact real-time location of the device
• 7,600 endpoints authenticated (100% of medical and unmanaged devices)
• Savings of 2 FTEs
• Real time device visibility and behavior monitoring
• Regulatory Compliance (HIPPA, PCI)
CASE STUDY

16. 16
Questions?
Manish Rai
VP of Marketing
Great Bay Software
mrai@greatbaysoftware.com