Hospital systems are under constant attack. Cybercriminals can access sensitive data when the hospital’s security fails, jeopardizing patient safety.
A 2022 survey found that two out of three healthcare organizations experienced a ransomware attack within the last year. Many paid the ransom only to learn that, on average, just 69% of their encrypted data gets restored.
To protect their patients, hospitals must prioritize data security and eliminate vulnerabilities. Network segmentation is one of the most effective strategies for mitigating cyber threats. Macro-segmentation is an approach to network security that works by segmenting and isolating medical devices on a hospital’s network.
The Rise of Attacks on Healthcare Networks
Today, many hospitals rely on outdated systems. In 2020, researchers determined that over 80% of hospital infrastructure relies on outdated software. Upgrading or replacing each device may be impractical.
Old devices, outdated systems, and an extensive lateral network create the perfect atmosphere for cybercrime. Criminals latch onto these weaknesses and use them to infiltrate the network, and the threat is growing more severe. In 2018, 14 million patients were affected by cyber disruptions. By 2021, that number had swelled to 45 million, showing no signs of slowing down.
A successful cyberattack can wreak havoc on a health system’s finances and commitment to patient care. IBM Security reports that healthcare breaches now cost nearly $10 million to resolve.
The Role of Macro-Segmentation
Macro-segmentation, also called network segmentation, describes breaking a network into distinct segments. Traffic between segments gets guarded by a next-generation firewall, which acts as a digital barrier. This approach limits access to the network itself, reducing the window of opportunity for a cyberattack.
Macro-segmentation also isolates medical devices in each segment. Devices can only communicate with other devices within the same segment, and no device can talk directly to all others. The isolation dramatically reduces the chances of a successful attack and, should an attack occur, limits potential damage.
A further option is micro-segmentation, where segments get broken down so that each device or application has its own zone. Micro-segmentation offers greater control and security, but it’s also significantly more expensive and robust to set up.
Examples of Macro-Segmentation in Action
Healthcare systems, large and small, have implemented macro-segmentation to protect their networks. Below are a few examples of this security practice in action.
Martin Luther King Jr. Community Hospital in Los Angeles uses segmentation and communication pathway monitoring. Internet of Things (IoT) devices contain a dedicated network.
The team at Riverside Health in Chicago uses segmentation and strict access control. Critical patient devices such as insulin pumps get shielded by micro-segmentation.
Larger organizations use more robust measures based on the same principles. Thien Lam, Vice President and CISO at the 14-hospital BayCare Health System in Florida, has explained that: “In terms of network segmentation, we’ve created a separate network for the medical devices so that the medical devices don’t talk directly to the production network.”
Segmentation is the first-line defense against cyber threats. When an incident does occur, the criminal’s impact lessens because it’s confined. However, a review by security firm Forescout found that nearly half of all medical devices studied showed signs of “immature segmentation implementation.”
Network Segmentation Best Practices
Segmentation is a big undertaking and requires resources and commitment. But it can play a big part in reducing risk exposure and potential attacks. Before you get started, assess your current network and IT infrastructure. Segmentation methods should get customized to suit your unique ecosystem while still ensuring that IoMT devices on your network are grouped in a way that they are separated from all other groups that are directly connected to the internet – especially those deemed untrustworthy.
Once you’ve determined a strategy, here are network segmentation best practices to guarantee your devices are properly grouped and isolated:
Follow the Principle of Least Privilege
Limit who has access across systems. Focus on your users’ needs; don’t give them access to superfluous data.
This practice follows the principle of least privilege.
Isolate Critical Data
Data critical to the organization’s functioning should be isolated from less sensitive data. This data includes patient health records, financial and confidential information, devices connected to critical patient care, and other essential assets.
Limit third-party access
Third parties should have minimal access to your leading network unless you need their services and agree with their security controls. If you do grant access, the principle of least privilege becomes relevant again.
Regularly Monitor Network Activity
Regular monitoring ensures that you can detect suspicious activity in real-time, and audit logs will reveal any anomalies or potential security breaches.
Monitoring also ensures that you’re keeping the system up-to-date, as inefficiencies and vulnerabilities will be easily identifiable. Your network segments may need to shift as threats evolve.
Use a Platform like Asimily
Asimily’s features enable healthcare organizations to monitor their environments for threats and identify macro-level IoT risks. The platform allows for better macro-segmenting.
How Network Segmentation Compares to Other Security Measures
Network segmentation is an essential security measure, but it’s not the only one. It should join other measures such as firewalls, patching and antivirus software, encryption, and authentication.
Firewalls, for example, are used in conjunction with segmentation. Firewalls block users from accessing restricted networks. Anti-virus software looks to detect malware, while patching and encryption help keep data up-to-date and secure. Authentication ensures that only authorized users can access networks.
These measures are complementary and should get used together to create an effective security strategy. Network segmentation is the foundation of any good security plan and should be one of the first measures implemented.
A Holistic Approach to IoMT Security
To ensure the ultimate security of your network, consider taking a holistic approach to your Internet of Medical Things (IoMT) security. Network segmentation is just one part of ensuring a secure healthcare ecosystem.
Healthcare organizations must look at all measures that minimize the risk of a data breach. There are eight main steps to strong IoMT security management. You may only need to adopt some of these measures, so start with the first step and see if you need additional security before moving on.
Step #1: Patching, as mentioned, helps keep data secure by addressing vulnerabilities in the system or software.
Step #2: Macro-Segmentation refers to splitting the network into smaller segments.
Step #3: Targeted Segmentation creates segments based on device and application vulnerabilities.
Step #4: Configuration changes (device hardening) require you to reconfigure the device physically.
Step #5: Micro-segmentation uses micro-segmentation to restrict access further.
Step #6: Upgrade or replace become an option when the previous steps fail.
Step #7: Accepting the risk asks you to consider if an unpatched device’s potential use justifies accepting its risk. You can reduce the potential impact of any problems by segmenting the device from critical systems.
Step #8: Building a holistic IoMT security program is a goal for your hospital system.
Learn how to remediate cyber risk in your medical devices by downloading our step-by-step guide now. And don’t miss out on the insights provided in the Cybersecurity IoMT Webinar Series where Sr Director of Solutions Engineering, Luke Smith dives into these eight Steps further! Watch it on demand now.
Mitigate Medical Device Cyber Risk with Asimily
Asimily provides a holistic IoMT risk remediation platform that helps hospitals and healthcare facilities secure devices and defends against cyber threats. Our platform is designed to help hospitals identify, mitigate, and prevent threats.
Advanced inventory management allows for real-time visibility into your medical device fleet. Features like anomaly identification help detect suspicious activity, while granular classification allows you to apply more specific controls to limit potential exposure and reduce risk, such as segregating all devices of a certain type into their own segment.
With Asimily, the entire security process is streamlined and automated. Healthcare organizations can confidently protect their data and devices.
Schedule a consultation with an Asimily expert to see how you can defend your healthcare systems against ransomware and malware.