Endpoint attacks on medical management have become common today. Learn about some tips that can help you increase the security of such devices.
Ponemon recently produced a report demonstrating that attacks on the healthcare industry aren’t only prevalent but also quite costly. This is especially true of “endpoint” attacks, which are known to cost the industry as much as $1.38 billion annually. In fact, over half of all healthcare organizations today admit they’ve experienced an endpoint attack in which the hacker was successful. This is why it’s so important to look at an attack’s scope and cost, as well as how it affects almost every industry and business imaginable today.
How Modern Endpoint Attacks Have Changed from Yesteryear
Today’s modern endpoint attacks have drastically changed from the IT days of yesteryear because today everyone has become an endpoint. This is especially true in the way they relate to the healthcare field. Here doctors, associates, administrators, patients in portals with their embedded devices (e.g. pacemakers), and even diagnostic devices (e.g. MRI machines) are now endpoints. This is because each of these entities processes healthcare information in a completely new way today. All these things grow even more omnipresent due to IT consumerization and the endpoint where you’re storing your data. This means it’s time to spend some time rethinking your strategy.
The FDA
According to the FDA, cybersecurity for medical devices is a responsibility that everyone must share: healthcare facilities, patients, providers, and medical device manufacturers. When anyone in this chain of “actors” fails to maintain their part in the cybersecurity network, any number of negative impacts may occur, including compromised device functionality; loss of both medical and personal data availability and integrity; and exposure of other connected devices and networks to security threats. Ultimately this can result in patient illness, injury, or even death.
Although most people find it difficult to fathom how death is possible here, this is the main reason why network security intelligence comes into play. This fear of death should be enough to make you and your organization sit up and take notice – maybe even implement some security changes along the way as well. Of course, it’s this type of evolution in the healthcare environment that seemingly never ends. An example here lies in how the endpoint has evolved in a way that simplifies security. This allows us to be more efficient in the delivery of workloads and applications. Here we also witness virtualization and the IoT create a new, next-generation endpoint environment.
The security software licensing company Wibu-Systems says that lately, as they work with some of this country’s largest healthcare providers, they’ve witnessed the evolution of a new trend: both IT and security directors are now looking at desktop and virtualization from an entirely new perspective. Here they’re moving from virtual desktop delivery to virtual “workload” delivery. The difference lies in the fact that the desktop doesn’t really matter anymore. While nurses will sign into an employee workstation, they’ll then use a tablet that has direct access to web applications, legacy applications, cloud storage and data, Windows desktops, and Windows applications. Nurses can do all of these things without a single client launch thanks to the use of HTML5 solutions.
Today, entire applications and desktops are delivered through a browser web portal. This has specific tabs that open the resources you need when you ask for them. Security factors are included in policy controls and other factors so that no data is stored at the endpoint; instead, it is secured within the data center itself.
Herein you see a progression that naturally trickles over to mobile and remote users, devices, and applications. This occurs because you can connect any device through a central, web-based user portal. From there you can access apps, desktops, and other resources. This means that nothing needs to be stored at the endpoint. As such, the healthcare security administrator has continuous control over the resources and data that are in the data center itself, but not the endpoint. For this reason, there are a lot of healthcare facilities that have embraced public key infrastructure (PKI) as a secure, scalable, flexible, cost-effective way to authenticate digital identities, ensure the integrity of data that are being transmitted, and encrypt communications within these virtual workloads.
Virtual Endpoint-To-Data Center Security and PKI Infrastructure Management
The healthcare industry is like a power grid or utility infrastructure. Recently these have been deemed part of the Critical Infrastructure (CI), which is why PKI management is now a central theme in most businesses in the nation’s CI. Since ransomware and cybersecurity attacks are growing more serious and more prevalent than ever before, it’s important to increase cybersecurity efforts in general and PKI adoption specifically. This is where network security monitoring comes into play.
According to GlobalSign, Presidential Policy Directive #21 in the US was recently updated so that it now identifies the sectors where datacenter cybersecurity protection (PKI security in particular) is of paramount concern. These include:
- Chemical Sector: including petrochemicals, industrial, and hazardous chemicals
- Commercial Facilities Sector: including sites that draw large crowds of people for shopping, business, entertainment, and lodging
- Communications Sector: including business, public safety organization, and government operations
- Critical Manufacturing Sector: including metals, machinery, transportation, power transmission, mining, agriculture, electricity, and construction
- Dams Sector: including various types of water retention and control facilities including navigation locks, levees, hurricane barriers, and mine tailings impoundments
- Defense Industrial Base Sector: including research, development, design, production, delivery, and maintenance of military weapons systems for the US military
- Emergency Services Sector: including preparedness, prevention, response, and recovery services
The CI also has several other sectors that you need to look at. These sectors include:
- Energy
- Financial services
- Food and agriculture
- Healthcare and public health
- Information technology
- Nuclear reactors, materials, and waste
- Transportation systems
- Water and wastewater
Almost every type of business in almost every industry can fit into one of these sectors. This means that you need to start managing your PKI infrastructure within your data center better. Although an attack is relatively inexpensive in the grand scheme of things, it’s not something you should overlook since lives depend on it.
About the Author: Evan Morris
Known for his boundless energy and enthusiasm, Evan works as a freelance networking analyst and is an avid blog writer, particularly around technology, cybersecurity and forthcoming threats which can compromise sensitive data. With vast experience of ethical hacking, Evan’s been able to express his views articulately.