Healthcare Means Security
Director and Principal of Security, Versa Networks
January 12, 2023
Cybersecurity is crucial in all industries and especially important in the healthcare segment. With the increasing reliance on technology in healthcare, it is essential to ensure that sensitive patient data is protected against cyber-attacks.
The healthcare industry is heavily reliant on internet of things (IoT) devices, such as smart medical equipment and electronic medical record systems. Let’s look at some interesting scenarios that have been talked about over the past year as well as some real-life incidents that have occurred.
Recently when I was talking to some peers who work in the healthcare segment, it came to light that a key priority was how to enhance cyber security to the IoT environment. This environment consists of devices such as MRI machines, CAT Scanners, dialysis machines, chemo drips, heart bypass machines, and many more. Their fear was the level of damage which can be created by bad actors hacking these devices. Their findings were concerning because it revealed that it is not feasible to upgrade the software of almost all IoT devices, especially MRI machines and CAT scanners as well as the computers controlling these IoT devices regularly. Also due to the price of each one of these being ~$3M-$5M or more, the cost to replace these devices with newer equipment become unfeasible. So, due to the security vulnerability a malware attack on a smart medical device could prevent it from functioning correctly, potentially harming the patient or other in a general vicinity, and/or leading to delays in treatment potentially which still put patient lives at risk.
Another example of a real attack on healthcare is Ransomware. In the past year Ransomware attacks have increased 300% in just healthcare alone. Let’s apply a ransomware attack to the scenario above. We have a patient that is receiving a heart transplant for example. During the surgery a ransomware attack takes place and moves laterally throughout the hospital which infects the laptop controlling the heart bypass machine. The result of this could be either the machine can’t be turned off, or that it just stops cycling blood for the patient. This presents risk to the patient’s life and the reason is either the device were not secured properly nor was the computer controlling this IoT device were not secured properly.
These scenarios are incredibly scary, and right now the solution to prevent these attacks is to deploy multiple technologies with loose integration. The challenge is that gaps result in the reduction of cybersecurity posture; risks to the organization increases, the Total Cost of Ownership (TCO) increases; and and physical stress on the IT/Security department. So, this brings us to the question of how to improve security in healthcare while increasing the security posture, reducing TCO, and easing the stress of the engineering staff through simplified management and reporting.
Versa Networks solution for all of these IOT security challenges is our Secure Access Service Edge (SASE) platform. The Versa Networks SASE platform is a comprehensive platform that combines network security, cloud security, and secure internet access into a single, integrated solution. It helps to secure all types of remote access, hospital access, doctors office access, to services such as web traffic, private applications, cloud-based applications, and more.
Specifically for healthcare Versa Networks SASE will provide secure, seamless access to a healthcare organization’s network and applications from any location, including IoT devices. It can also provide network architectural enhancements including micro-segmentation. In addition to secure access, SASE also provides advanced threat protection (network based anti-virus/anti-malware), NGFW services, URL filtering, cloud access security broker (CASB), and more which helps to identify and prevent cyberattacks before they can do harm. Utilizing services like NGFW and URL filtering services, scenarios like the ones outlined above will be stopped in their tracks as the Versa Networks SASE solution would detect and block ransomware traffic that can move laterally across the SD-WAN fabric at the local gateway. The solution can also block the command and control (C&C) traffic destined to the internet that would deliver the keys to the ransomware and provide micro-segmentation from each gateway as well as the remote points of presence (PoP’s) for all remote users utilizing a singular uniform configuration deployed vis a single management console. This also allows Versa Networks to help reduce the TCO for a customer as the solution is cloud based. This means a consolidation of security products within the organization, reduction in physical footprint as the service is mostly consumed as a service and not with multiple products, a consolidation of management tools to a single pane of glass, and less need for hiring IT personnel due to additional implementation of products.
In summary, the need for enhanced cybersecurity for IoT devices in healthcare is clear, and Versa SASE is a powerful tool that can help to safeguard patient data and ensure the smooth functioning of healthcare organizations. By investing in Versa SASE, healthcare organizations can protect themselves and their patients from the risks of cyberattacks.