search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
CYBER RISKS


It is not until an inventory is built that the magnitude of the issue becomes apparent


l Risk stratification where 8,333 devices have a high-risk profile of which 397 are medical in nature.


This information has been synthesised into a programme of work involving IT, facilities management, and biomedical engineering which includes patching, firewalling, network segmentation, and equipment replacement. A further unexpected benefit has been


the improved asset identification which in turn has provided the ability to report and understand device utilisation and analytics. This provides better decision- making processes around device procurement, usage optimisation, maintenance, and service planning around networked hospital devices.


Securing your healthcare IoT devices for your organisation While not claiming to be an expert, the journey thus far spanning several years has been a steep learning curve. The following suggestions are made to assist those that may be less advanced in securing non-traditional IT networked devices. Making your healthcare organization secure and protected against the risk IoT devices exposes you to requires a mix of fundamental cybersecurity practices and targeted efforts.


Ensure you have the appropriate asset visibility and inventory solutions Make sure you have the tools and process to know exactly what is making up your environment and what is interacting with your network. This is crucial for ensuring your additional safeguards and protective solutions are incorporating all of your devices (Fig 4).


Change all default passwords to pass-phrases Make sure all connected devices in your network and environment have a secure password – not the default one the manufacturer put in place.


Ensure generic passwords are not used for service access. Where possible issue time limited temporary access Service network passwords are used without the hospital knowledge, often shared, or written down.


Ensure that all switches do not use default port settings – e.g. all set to VLAN 1 VLAN 1 was never intended to be used as standard VLAN to carry network data. By default configuration, any Access Link on


IFHE DIGEST 2024


a Cisco switch is set to VLAN 1, causing a major security issue as direct access to the network backbone is given. As a consequence, VLAN 1 can end up unwisely spanning the entire network if not appropriately pruned.


Maintain a regular patch management process Just like with any tool or software, IoT device manufacturers often release security updates to nullify any discovered vulnerabilities or exploits. Failure to update these devices on the organization’s side is an easy way to leave yourself vulnerable.


Leverage network segmentation tools and maintain logical grouping together with current documentation To limit the potential of a malicious attacker using an IoT device as their way into your organisation’s network, you have to isolate IoT devices by placing them in their own network via network segmentation. This ensures that, even if a device is compromised, an attacker cannot reach your network where more sensitive files or assets can be found.


Use monitoring tools to detect unusual behaviour Network, device, and traffic monitoring tools can detect whether a device has been accessed by an unknown or new user, if multiple attempts to access a device have been made, or whether a device is behaving erratically in case of a compromise. These tools will alert you to any issues and give you more time to react appropriately.


Employ an endpoint detection and response (EDR) solution An EDR tool, used for all endpoints, not just IoT devices, is a must for all organisations in today’s environment.


If you do not have one yet, make sure you do your due diligence to find an EDR solution that works with your particular industry and make-up or organisation as well as your needs.


Do not document logon details on laminated sheets, or in readily accessed documentation In hospitals there are many casual or temporary staff that need access to IT infrastructure. Elimination of shared password is basic hygiene.


Ensure vendor service and service contracts include management of software patches Patching is best performed by the equipment vendor or specialist support company.


Conclusion Healthcare IoT and IoMT cybersecurity is just part of modern security hygiene and preventative maintenance. The risk introduced by IoT, medical devices, and building control and management infrastructure represents yet another aspect of healthcare cybersecurity that requires attention and resources. The healthcare industry is under attack in a major way and it is time that health facility managers to see cybersecurity improvement as an absolute necessity, dedicating the budget and staff appropriately. While it is still not always feasible for in-house solutions or teams to address all the risks and concerns these organization are currently facing, hospital facility managers should consider partnering with cybersecurity solutions experts who offer a wide suite of cybersecurity services and tools dedicated to preventing compromises while also providing important resources in case a company is breached or a hacker makes their way in. I will leave you with this final thought: “Imagine if the lift controller systems were shut down, patients could not be moved effectively to theatres and wards for urgent critical care.”


IFHE


Figure 4. Detected device types represented graphically. 39


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98