In today’s day and age, medical device security is of the utmost importance in healthcare. A recent report from the Imarc Group indicates that the global medical device security market reached $8.5 billion in 2022, with targeted segmentation as one of the most viable solutions for protecting devices and networks from cyberattacks.
Segmenting devices and networks is a popular approach to reducing a healthcare system’s vulnerability. By isolating devices based on their level of vulnerability or privilege to separate parts of a network through targeted segmentation, organizations can limit the spread of any malicious code or unauthorized access if such an attack were to occur.
What is Targeted Segmentation?
Targeted segmentation is a security measure designed to reduce the attack surface of a network. It involves separating users and resources into distinct segments that can be monitored and managed more easily and securely. When properly implemented, targeted segmentation can provide organizations with better control over access points, making it harder for malicious actors to penetrate sensitive systems and data.
In case you need a refresher, the MITRE ATT&CK Framework provides a comprehensive list of techniques used by attackers when conducting cyberattacks. By understanding the tactics employed by attackers, organizations become equipped to design targeted segmentation strategies that prevent those same attacks from being successful when targeted against their systems.
The difference between a secure and unsecured system could mean life or death. The tragedy that occurred in Alabama in 2021 paints a morbid story of a ransomware attack destroying a system’s ability to provide proper care for a newborn with severe brain injury. This confusion in the system led doctors and nurses to miss several key tests that would have shown the umbilical cord was wrapped around the baby’s neck, which ultimately led to the child’s death.
How Targeted Segmentation Compares to Other Types of Segmentation
Targeted segmentation is a specialized form of network segmentation that focuses on targeted medical device security. This type of segmentation offers organizations several advantages compared to other forms of network segmentation, such as micro and macro segmentation.
Micro-segmentation focuses on the granular aspects of a network, such as restricting individual servers or applications to only the devices and services they need to communicate with, in order to reduce the attack surface area. Generally speaking, micro-segmentation can take months or years to implement across the entire network but requires constant maintenance to ensure it remains up-to-date against new threats.
Macro-segmentation takes a broader view, managing all devices within an organization into distinct segments isolated from one another. While effective for controlling access across networks, this process can be time-consuming as it requires an intimate understanding of the complexity of the organization’s network infrastructure. However, once the system is up and running, it requires far less maintenance on an ongoing basis.
Ultimately, through micro and macro-segmentation of every device, an organization will find that they have fewer attack vectors to manage. It’s the classic example of “sometimes the best defense is a good offense,” and targeted segmentation is a proactive way to prevent dangerous cyberattacks.
Implementing Targeted Segmentation
Implementing targeted segmentation across a network of medical devices can be done in four crucial steps:
Step 1: Understanding Attack Vectors
Determining which attack vector(s) exist within your organization before implementing targeted segmentation is essential. Conduct your risk assessments to find potentially vulnerable devices and the impact of each threat. Review security logs for suspicious activity. Conduct penetration testing to identify potential vulnerabilities that risk assessments did not. Stay up-to-date on the latest threats or types of attacks that are happening in the industry, so you know which devices need to be addressed first. Knowing what types of threats may affect the medical devices on your network will help you make informed decisions about how best to protect them from those specific attacks.
Step 2: Determine Vulnerable Devices
Once the targeted devices get identified, categorizing each medical device based on its risk level is essential. Attack vectors can include:
- exploits against known vulnerabilities in medical device security
- targeted attacks on individual medical devices
- physical access to medical devices in public areas of healthcare organizations
When categorizing devices, there are certain factors besides attack vectors that may make it easier to determine where to prioritize certain devices. Some devices are simply more critical to patient care or hospital operations than others. For example, a device that is used to keep someone alive or handles Protected Health Information is more important to secure than a device that does not. The priority of remediating a device should be weighted by both the exploitability of the device and the impact that a breach would cause.
Step 3: Identify the Simplest Remediation Option
Once the vulnerable devices are identified, it is crucial to determine the simplest and most effective remediation method. In some cases, ensuring that only authorized personnel have access to a particular device or component can make them more secure from outside attacks, so you can focus your efforts on devices that need more segmentation to be fully secure. Another option for remediating a vulnerable device could be configuring security features on the medical device itself, such as limiting user accounts or disabling unnecessary ports and services.
Ultimately, any changes made should consider possible clinical consequences before implementation, as any disruption in service or availability of medical devices could have serious repercussions. Clinicians must weigh the risks and benefits associated with various remedies.
Step 4: Deploy Network Security Technologies
This final step requires targeted segmentation of the medical device network to ensure that the proper level of security is maintained for these devices.
To protect devices from cyber attacks, healthcare organizations can deploy a range of additional network security technologies. These may include firewalls, intrusion detection and prevention systems, and other security measures that help monitor and control network traffic. Taking a look at your existing network and security tools can help to identify what is or isn’t currently working and what patterns of communication look like as a baseline. Using this data can help to monitor the success of your segmentation and make adjustments where needed.
While it may not be possible to separate a medical device from general IT networks completely, targeted segmentation can help reduce the risk posed by external threats and any potential interference between systems due to shared resources or other issues.
Best Practices for Targeted Segmentation
When implementing targeted segmentation, IT professionals should continually review and improve their network segmentation strategy. This attention to detail can help ensure that the security of medical devices remains effective over time as circumstances and threats evolve. There are two critical practices for targeted segmentation that IT professionals should keep in mind:
- Identify all medical devices on the network: Knowing which medical devices stay connected to your network is crucial for targeted segmentation. IT teams should identify all connected medical devices and any software applications that have access to them.
- Develop detailed policies: Policies surrounding targeted segmentation should be clear and comprehensive, outlining precisely how access is controlled and who has permission to access what data.
A Holistic Approach to IoMT Security
Network segmentation is critical in mitigating risks associated with the Internet of Medical Things (IoMT). However, it is not the only one. A holistic approach should be utilized to ensure that IoMT devices are adequately secured. This approach includes hardening device configurations to reduce the potential attack surface and utilizing system-level access control measures to restrict who can modify settings on connected medical equipment. Additionally, regular audit logging, ongoing patch management processes, and regular vulnerability audits should all be employed.
Healthcare organizations can protect patient data by taking these targeted steps while ensuring safe and reliable medical care delivery. To learn more about creating robust IoMT security strategies, download Asimily’s newest e-book, which provides an in-depth guide to best practices for IoMT security.
Mitigate Medical Device Cyber Risk with Asimily
Asimily provides hospitals with a comprehensive, targeted approach to Medical Device Cyber Risk mitigation. Through inventory management, anomaly identification & incident response, and vulnerability management tools, Asimily helps ensure that all connected devices are secure and compliant.
The platform enables hospitals to deploy segmentation policies more quickly and efficiently while ensuring they remain compliant with industry standards and regulations. Leveraging targeted network segmentation techniques, Asimily allows healthcare organizations to create a safe operational environment for sensitive medical data and assets.
Additionally, Asimily’s forensic analysis capabilities enable healthcare providers to proactively identify malicious tactics, techniques, and procedures used by attackers to defend against future threats. Finally, all of these features get generated and combined into a report showing leadership of the comprehensive network security strategy.
To learn more or to schedule a consultation with an Asimily expert click here.