Oct 24, 2021
By Sarah Czarnowski

What is Medical Device Security?

Healthcare teams use medical devices to diagnose or treat people to help them overcome injury or sickness. With longer life expectancy, there is more demand for medical devices that generate additional data. These medical devices are connected to networks so that healthcare teams can better monitor patient health. For example, CT (Computed Tomography or CAT) or MRI (Magnetic Resonance Imaging) machines may upload imaging files for doctors to review patient results. And device makers might use a network connection so they can perform remote maintenance.

These network-connected devices represent a significant security challenge. IT security solutions are not applicable to medical devices. For example, IT focuses less on device resilience, yet makes security a priority. IT and the clinical engineers supporting the medical devices also tend to speak different languages. Combined with the fact that attackers are looking for new entry points into a business, these differences create security vulnerabilities for a healthcare business. In fact, a 2020 Palo Alto Networks report stated that 83% of internet-connected medical imaging devices such as MRI machines are open to cybersecurity risks.

One of the biggest challenges for medical device security is identification. When a device security event occurs, the security team sees the affected IP and MAC address. They know it’s not an IT device such as a server, laptop, or printer. But they don’t know exactly what it is. When this happens, there’s the risk of the wrong response, such as unplugging a medical device. In an industry such as healthcare, it is critical that only an authorized clinical engineer is dispatched to remediate the device. A patient’s health, patient health information, or a medical procedure might be at risk.

To address this challenge, there needs to be a way to discover medical device information and enable clinical engineers to enrich the data. This medical device inventory acts as the single source of truth that gets an update when the healthcare team gets a new device, or during routine maintenance.

The inventory can contain medical device make, model, location, department, usage, serial number, latest software version, and maintenance steps. But beyond device discovery and enriched device data, there must be a single orchestration, automation, and response platform and system of record where the inventory and security event data can be ingested. This system of action platform, which is used by the security, IT, and clinical device engineer teams, allows rapid remediation of security events.

When a security event takes place, the security team can see the full context of the device. They’ll know who the device owner is and what remediation process must be followed so a work order can be dispatched to the clinical engineer or third-party field technician. The work order process can be tracked so that security, IT, and the device engineers are kept aware of the remediation status.
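The enrichment step described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the record fields, owner names, addresses, and action labels are assumptions constructed for illustration.

```python
import re

# Constructed inventory records. Field names are assumptions based on the
# attributes the article lists (make, model, location, department, ...).
INVENTORY = [
    {"mac": "00:1A:2B:3C:4D:5E", "ip": "10.20.30.41", "make": "ExampleMed",
     "model": "CT-1000", "department": "Radiology", "location": "Bldg A / Rm 112",
     "serial": "SN-CONSTRUCTED-001", "owner": "clinical-eng-radiology"},
    {"mac": "00:1A:2B:3C:4D:5F", "ip": "10.20.30.42", "make": "ExampleMed",
     "model": "PUMP-20", "department": "ICU", "location": "Bldg B / Rm 307",
     "serial": "SN-CONSTRUCTED-002", "owner": "clinical-eng-icu"},
]

def normalize_mac(raw):
    """Reduce colon, dash, and dotted MAC notations to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw or "")
    return digits.lower() if len(digits) == 12 else None

def build_index(inventory):
    """Index the inventory by normalized MAC and by IP for event lookups."""
    by_mac = {normalize_mac(d["mac"]): d for d in inventory}
    by_ip = {d["ip"]: d for d in inventory}
    return by_mac, by_ip

def enrich_event(event, by_mac, by_ip):
    """Attach device context to a security event and pick a routing action."""
    mac_hit = by_mac.get(normalize_mac(event.get("mac")))
    ip_hit = by_ip.get(event.get("ip"))
    if mac_hit and ip_hit and mac_hit is not ip_hit:
        # Conflicting identity: do not guess which device is affected.
        return {"action": "hold_for_review", "device": None,
                "reason": "MAC and IP map to different inventory records"}
    device = mac_hit or ip_hit
    if device is None:
        # Unknown asset: identify it before anyone touches the device.
        return {"action": "hold_for_identification", "device": None,
                "reason": "no inventory record for this IP or MAC"}
    return {"action": "dispatch_work_order", "assignee": device["owner"],
            "matched_on": "mac" if mac_hit else "ip", "device": device}

BY_MAC, BY_IP = build_index(INVENTORY)

if __name__ == "__main__":
    # Constructed event, as a monitoring tool might report it.
    print(enrich_event({"ip": "10.20.30.41", "mac": "00-1a-2b-3c-4d-5e"}, BY_MAC, BY_IP))
```

Matching on MAC first and treating a MAC/IP disagreement as a hold keeps a stale DHCP lease or a stale inventory entry from sending a work order to the wrong device owner.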

Nuvolo OT Security solves the problem of quickly remediating medical device security events. That’s because Nuvolo becomes the system of record. In the case of healthcare, that’s for all the medical devices. Nuvolo will ingest security information, match up the device’s IP and MAC address, and fully contextualize it with things like the device usage, what PHI data the device is storing or accessing, and device maintenance records.

Nuvolo’s OT Cyber Security platform

When integrated with real-time monitoring systems, Nuvolo provides the security and service management teams shared visibility into device posture. The integrated platform also automates remediation-related workflows to reduce cybersecurity risk. In pioneering the industry’s first OT cybersecurity platform Built on NOW, we help customers achieve better product, facility, and patient safety while protecting critical infrastructure.

Learn more about Nuvolo OT Security.