search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
CYBER SECURITY


AAA Server 3 devices


ATM 1 device


Access Control 33 devices


Access Point 991 devices


BACnet Broadcast Management Device (BBMD) 2 devices


BACnet Router 21 devices


BACnet Router & BBMD 2 devices


Blood Gas Analyser 7 devices


1 Model 0 High Risk


Body Composition Analyser 3 devices


0 Models 0 High Risk


Bone Densitometry 3 devices


1 Model 17 High Risk Building


Automation Controller 10 devices


17 Models 0 High Risk Building


Automation Device 127 devices


0 Models 0 High Risk Building


Management System 8 devices


1 Model 0 High Risk C-Arm


13 devices


0 Models 1 High Risk


Cardiac Rhythm Management 2 devices


3 Models 2 High Risk


Central Station 2 devices


1 Model Clock 11 devices


3 High Risk


2 Models 3 High Risk


Computed Tomography 4 devices


3 Models 0 High Risk


Conference Room 3 devices


0 Models 23 High Risk


DICOM Gateway 4 devices


1 Model


2 High Risk


Defibrillator 24 devices


6 Models 6 High Risk


Diagnostic Workstation 11 devices


1 Model


2 High Risk


Digital Fluorography 1 device


1 Model


1 High Risk


Digital Radiography 8 devices


0 Models 0 High Risk


4 Models 4 High Risk


1 Model 0 High Risk


1 Model


3 High Risk


1 Model 0 High Risk


3 Models 11 High Risk


1 Model


1 High Risk


5 Models 8 High Risk


Figure 4: The author recommends healthcare providers have a robust and comprehensive inventory of ‘connected’ devices to ensure they know where the highest cybersecurity risks lie.


what is interacting with your network. This is crucial for ensuring that your additional safeguards and protective solutions are incorporating all of your devices.


2 Change all default passwords to pass- phrases If you haven’t already, make sure that all connected devices in your network and environment have a secure password, not the default one the manufacturer put in place.


3 Ensure that generic passwords are not used for service access Where possible, issue time-limited temporary access. Service network passwords are used without the hospital knowledge, often shared, or written down.


4 Ensure that all switches do not use default port settings – e.g. all set to VLAN 1 VLAN 1 was never intended to be used as standard VLAN to carry network data. By default configuration, any Access Link on a Cisco switch is set to VLAN 1, causing a major security issue, as direct access to the network backbone is given. As a consequence, VLAN 1 can end up unwisely spanning the entire network if not appropriately pruned.


5 Maintain a regular patch management process Just like with any tool or software, IoT device manufacturers often release security updates to nullify any discovered vulnerabilities or exploits. Failure to update these devices on the organisation’s side is an easy way to leave yourself vulnerable.


6 Leverage network segmentation 28 Health Estate Journal May 2024


tools and maintain logical grouping together with current documentation To limit the potential of a malicious attacker using an IoT device as their way into your organisation’s network, you have to isolate IoT devices by placing them in their own network via network segmentation. This ensures that, even if a device is compromised, an attacker can’t reach your network, where more sensitive files or assets can be found.


7 Use monitoring tools to detect unusual behaviour Network, device, and traffic monitoring tools can detect whether a device has been accessed by an unknown or new user, if multiple attempts to access a device have been made, or whether a device is behaving erratically in case of a compromise. These tools will alert you to any issues, and give you more time to react appropriately.


8 Employ an endpoint detection and response (EDR) solution An EDR tool, used for all endpoints, not just IoT devices, is a must for all organisations in today’s environment. If you don’t have one yet, make sure you do your due diligence to find an EDR solution that works with your particular industry and make-up or organisation, as well as your needs.


9 Do not document logon details on laminated sheets, or in readily accessed documentation In hospitals there are many casual or temporary staff that need access to IT infrastructure. Elimination of shared passwords is basic hygiene.


10 Ensure vendor service and service contracts include management of


software patches Patching is best performed by the equipment vendor or specialist support company.


Conclusion Healthcare IoT and IoMT cybersecurity is just part of modern security hygiene and preventative maintenance. The risk introduced by IoT, medical devices, and building control and management infrastructure, represents yet another aspect of healthcare cybersecurity that requires attention and resources. The healthcare sector is under attack in a major way, and it’s time that health Facilities managers see cybersecurity improvement as an absolute necessity, dedicating the budget and staff appropriately. While it’s still not always feasible for in-house solutions or teams to address all the risks and concerns these organisations are currently facing, hospital Facilities managers should consider partnering with cybersecurity solutions experts who offer a wide suite of cybersecurity services and tools dedicated to preventing compromises, while also providing important resources in case a company is breached or a hacker makes their way in. I will leave you with this final thought: ‘Imagine if the lift controller systems were shut down; patients could not be moved effectively to theatres and wards for urgent critical care.’


n Acknowledgment


This article, titled ‘Attacking cyber risks that are unique to hospitals’ was first published in the July 2023 issue of Healthcare Facilities, the official journal of the Institute of Healthcare Engineering, Australia. HEJ wishes to thank the author, the IHEA, and the magazine’s publisher, Adbourne Publishing, for allowing its reproduction here in slightly edited form.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72