Connected devices, from internet-enabled Operational Technology (OT) like HVAC and security systems to IoT and IoMT (Internet of Medical Things) like IV pumps and patient monitors, represent a growing cybersecurity threat to hospitals and healthcare facilities labs. 

Why are connected devices a vulnerability?

Though organizations have increased spending on IT security solutions, most traditional cybersecurity systems are not able to identify OT, IoT, and IoMT devices on their network. Detection as a protective perimeter is ineffective without visibility into the devices or software meant to safeguard connected devices. What’s more, once a breach occurs, intruders have the ability to move laterally through the network.

Consider that hospitals can have 15 to 20 networked devices per bed and that larger facilities may have 85,000 non-IT medical devices. It is little wonder that 93 percent of healthcare organizations experience a data breach, and in 2021, 57 percent of healthcare organizations had more than five breaches.

Those vulnerabilities and breaches will only continue to grow. Leading technology consultancy Gartner forecasts that by 2023, the typical chief information officer will be responsible for three times the number of network endpoints they managed just five years earlier and that most healthcare CIOs lack an updated and accurate inventory of the networked devices in their systems.

Healthcare IT leaders need to recognize the weakness of their current cybersecurity systems and address these rising threats to ensure not only the safety of patients’ data but also the safety of the patients themselves.

At the core of the security issue is that workloads are not secure once they leave the device and enter the network solution. Data from devices can travel over Wi-Fi, private 5G networks, wired connections, or LiFi to either a premise cloud, edge cloud, or public cloud. Each cloud environment has its own security rules for workloads.

That means it is not enough to secure the tunnels between sites or networks. A security solution must close any gaps in security between these environments to protect workloads from attack. It must maintain discrete segments for classes of devices, no matter where the workloads travel. Otherwise, the gaps in the segmentation scheme (and security policies in general) will become the creases through which attackers penetrate and travel unchallenged throughout the network. The best way to achieve device/edge to cloud security is to use a network overlay that cryptographically secures OT/IoT workloads, protecting them from corruption at any point in the workflow.

And the time to move to that security is now. In 2022, cyberattacks continue to strike the healthcare sector. Sophisticated actors continue their attempts to exploit enterprise firewalls using compromised connected devices and systems. That has prompted the federal government to issue more cybersecurity guidance for healthcare providers. In addition, the Biden Administration has set a 2024 timeline for federal organizations to implement a Zero Trust security strategy that includes network microsegmentation.

The healthcare sector’s security architects, IT professionals, and business leaders should prioritize the hardening of enterprise systems through an advanced microsegmentation technique known as cryptographic segmentation.

The author, Scott Martin, is Chief Marketing Officer at Onclave Networks. Onclave Networks, Inc. is a recognized and experienced leader in delivering scalable cryptographic microsegmentation solutions for the healthcare environment. Our enterprise-grade network solutions for hospitals protect the ever-expanding healthcare network perimeter, including remote patient monitoring and telehealth applications, while addressing HIPAA and HITECH compliance requirements. For more information, visit onclavenetworks.com.