By Jeremy Linden, Sr. Director of Product Management, Asimily
Now more than ever, the Internet of Medical Things (IoMT) has proven crucial for modern health care, with an ever-increasing number of medical practices using IoMT devices. Unfortunately, they remain one of the most vulnerable targets for cyberattacks, with even some of the largest healthcare providers suffering a $100 million loss due to an unanticipated security breach and lack of timely incident response.
Experts cite a lack of fundamental “cybersecurity hygiene” as the primary cause of most security incidents. These “lacks” include weak authentication methods, default password hashes, and vulnerable backdoors hackers can find in the debugging logs.
Ramp up your IoMT security systems by strengthening anomaly detection and increasing incident response time. What best practices can you implement today?
Aligning Policies and Operational Workflow With Cybersecurity
IT professionals in healthcare facilities must be ready to fight against cyberattacks at all times. Integrating preparedness into your operational workflow is an absolute must to shield your IoMT devices against would-be hackers and malware. Thorough system audits help you discover gaps in your security, allowing you to take proactive steps before something terrible happens.
To mitigate cyberattacks effectively and increase incident response time, IT teams must work with facility leaders to schedule routine system evaluations. A facility’s first line of defense is its information system (IS) architecture. Your IS protects your larger IoMT infrastructure against attacks by reducing the impact on core functionalities.
Detecting Suspicious Activities
Compare device baselines against a control model to identify abnormalities during an attack
Tailor policies to your unique network, making it more difficult for hackers to avoid detection
Combine crowdsourcing intelligence, machine learning, and threat modeling to detect attacks and provide proactive solutions
Provide SIEM and SOAR integration through a simplified playbook-based approach
Work in tandem with active IoT security researchers to identify threats
Asimily, for example, in addition to anomaly and threat detection, provides policy management at a granular level. This capability gives them the ability to tailor their policies based on particular attributes of their network of IoMT devices and set up alerts for specific incidents. This then allows them to hone in on any unusual activity in their network as fast as possible, greatly reducing incident response times.
Investigating Suspicious Activities and Threats
Determine which IoMT devices communicate with one another and when to track cyberattacks within the network of communicating devices
Understand the protocols your systems and devices are using to recognize anomalies
Track how much data your devices transfer—before, during, and after the attack
Be able to run packet captures on the network to read device traffic and collect data
Provide clinical and biomedical teams with operational intelligence
Asimily can help your network analysts and SOC teams expedite incident response times and protect your devices from cyberattacks. Asimily offers the Distributed Sniffer, their own industry-leading software that works to detect, investigate, and respond to costly cyber attacks, saving you millions in lost data.
The Distributed Sniffer allows healthcare networks to capture data continuously on an arbitrary or pre-programmed interval. This information helps inform security officers to accurately and immediately identify a breach.
Responding to Cybersecurity Attacks
Not all cyberattacks are created equal. Once your teams identify the threat and thoroughly understand it, it’s time to flush it from your systems.
First, isolate any suspected devices to determine if an attack has in fact taken place. Prevent any remote access C2 traffic hackers might establish during the attack and determine if users accidentally triggered a credential-theft phishing campaign. If so, change the associated credentials immediately.
Once you’ve isolated the affected devices, it’s time to eradicate all traces of the attack—including its foothold. Asimily strategizes remediation with a unique take on the 3-step standard process for incident response to reduce the overall impact on your services. First, they attempt to patch any vulnerabilities in the system that may have allowed hackers entrance into your devices. If patching alone does not serve as an adequate or cost-effective solution, it’s time to shift toward exploring vector mitigation. As a last resort, they turn to network segmentation to reduce the risk of a breach.
Recovery and Analysis: Post-Incident Processes
Your recovery time depends on the severity of the cyberattack. You can take steps to make immediate repairs—but getting the entire system back on track will take time. Remember, complete system restoration does not occur instantly. The repair phase is a vulnerable time. Departments must keep their eyes on operational safety while IT does its job.
Just because you beat back one attack doesn’t mean another isn’t around the corner. Conduct regular preparedness and mitigation exercises to prepare your team for the next assault.
Consider recovery as an extension of downtime. As IT works to restore your systems, use this opportunity to assess degrees of functionality and whether they benefit or hinder operations. For example, are absent capabilities hindering workflow if the system only functions in a limited capacity?
Next, begin the process of converting any paper documents back to digital format. Ensure you have available staff to provide continued support and ask whether vendors can assist in recovering biomedical records and resuming suspended in-patient procedures.
Implementing Preparedness and Mitigation Exercises
Once you’ve updated your strategies, it’s time to put them to the test with regular exercises. Performing well during these trials ensures your stakeholders, vendors, and EMPs that your facility is prepared for another cyber attack.
Developing and testing an array of scenarios with varying severity
Hire a white hat to stress-test your systems
Lean on a third-party IT specialist team to evaluate your strategies
(Re)train staff members on paper charting and manual practices in case the digital system goes down again
Simulate in-house communication crises—such as how to respond if phones, email, or pagers go down—as well as public-facing situations, like fielding news media and patient concerns in a crisis
Anomaly Detection & Incident Response: Best Practices for IoMT With Asimily
There are no avoiding cybersecurity attacks. Vulnerabilities, frustrations, and breaches are inevitable. Healthcare organizations simply need the tools to facilitate a healthier, faster response—tools like Asimily. Thus exemplifying the need for new and healthier approaches.
See Asimily’s approach to IoMT incident response and anomaly detection allows for more accurate findings and data-backed security measures than just the standard 3-step process. This includes:
New and emerging threat detection, leveraging custom policy management at a granular level to target every HDO’s specific needs.
A full, proactive investigation into an attacker’s actions and primary targets with a Distributed Sniffer.
Rapid response and immediate quarantining of compromised devices.