Industry Trends

Using Internal Segmentation to Secure the IoMT

By Rajoo Nagar | December 28, 2017

Recent technical advancements have had dramatic effects on the healthcare sector and overall patient care. The cloud, healthcare applications, electronic health records (EHRs), and connected medical devices have simplified communication between patients and physicians, providing medical updates in real-time while encouraging patients to take a more active role in their care. 

While the use of these devices delivers many benefits for medical professionals and patients, the influx of such devices has also widened the attack surface. The healthcare sector is a high-value target for cybercriminals looking to gain access to personal health records, patient financial information, or proprietary research, with 95 percent of healthcare institutions claiming to have been targeted by some form of cyberattack.

To mitigate the cyber risks associated with Internet of Medical Things (IoMT) devices connecting to healthcare networks, security controls must be put in place to ensure that one compromised medical device does not lead to the compromise of the entire network and the loss of valuable patient data.

Cyber Risks of the IoMT

While healthcare IT teams often carefully deploy firewalls along the perimeters of the network, once a threat is successfully inside there are usually few security measures in place to detect it or slow it down. This is one reason why connected IoT medical devices are popular attack vectors for cybercriminals. These internal endpoints have been authorized to access the network as an accepted user. Once through the perimeter defenses, IoMT devices have largely unquestioned access to much of the data stored on the network, making them an ideal target for cybercriminals. In fact, studies showing there are an average of 164 cyber threats detected per 1,000 connected host devices.

Aside from their network access, many IoMT devices are also not designed with security as a core focus, something that the FDA is trying to change with its recent release of industry guidelines for securing medical devices. Still, many devices in use have been built to perform their medical function with little focus on securing the device, or the data they collect, from cyberattacks. This reality further increases the chances of data breaches resulting from IoMT compromise.

Finally, connected medical devices are difficult to patch and perform maintenance on due to their critical uses. If a medical device is performing a life-saving function, there can be no downtime for IT teams to update firmware, or implement software patches. This means that IoMT devices often stay in use and continue to circulate the network even with known vulnerabilities that can be targeted by cybercriminals as an entryway to the network.

Real-Time IoMT Security

The sophistication and frequency of cyberattacks targeting healthcare institutions through IoMT devices means that a breach is more inevitable than ever. Which means that healthcare providers must focus on threat detection in addition to threat prevention. This is why it is increasingly important that healthcare networks employ SIEM (security information and event management) solutions as part of their network security strategy.

SIEM solutions provide real-time protection by gathering data and analytics from every solution deployed to secure the network. This information is cross-correlated and stored in a single location, providing healthcare IT teams with greater visibility into security incidents across the network.

When SIEM detects a security incident, however, it is just as important that IT teams have a mitigation plan in place to minimize dwell time and stop the malicious IoMT device from accessing and compromising the areas of the network where data is stored. Implementing internal segmentation alongside SIEM ensures that once a threat is detected within the network, it will be isolated to a single location, ensuring the entire network cannot be compromised by one compromised device.

IoMT Security with Internal Segmentation

Internal segmentation gives healthcare IT teams a simplified view of traffic moving across the network to detect anomalous data movement that might indicate a breach or compromised IoMT device. This visibility into east-west network movement allows IT teams to see when devices move laterally across the network into different segments. Internal Segmentation Firewalls (ISFWs) are designed to detect and stop malicious code from crossing over into additional segments of the network, thereby isolating the threat. Furthermore, ISFWs can enable policy-driven segmentation, which assigns different levels of security clearance based on user identities. 

Of course, implementing and maintaining all of these barriers within the network can cause concerns around performance. The flat, open structure of most networks, though insecure, is designed to allow information to make lateral movements quickly. These concerns would be true if organizations attempted to deploy a traditional perimeter firewall deep within the network. However, ISFWs are specifically engineered to add a layer of protection to these open networks without comprising speed by supporting wire-speed internal traffic, low latency and high throughput performance. 

Final Thoughts

To keep up with medical innovation and patient demands, healthcare providers have to adapt to patient-centric trends such as connected medical devices. However, they also must be aware of the vulnerabilities that come with these devices that increase their chances of a data breach. Internal segmentation offers healthcare IT teams the ability to embrace new digital medical solutions while adding another layer of security to network and data protection, without compromising performance or reliability. 

Read more about Fortinet solutions for healthcare.

Read more about internal segmentation strategies from Fortinet.