Introducing Cynerio IoT Attack Detection and Response for Healthcare

According to a Ponemon Institute research report released last month on cyberattacks in healthcare, the root cause of a data breach was equally liable to be due to an insecure medical or other IoT device as caused by a phishing attack. However, while hospitals often have some kind of anti-phishing filter or solution in place, IoT protection often falls between the cracks of the typical IT security stack. Most IoT and IoMT (Internet of Medical Things) devices can’t be agented or patched. Many medical devices, even if they are not currently hooked up to a patient whose health depends on them, run outdated operating systems, lack vendor support, and even so can’t be easily replaced. If connected devices at hospitals expand the attack surface and IT security tools are unable to provide comprehensive insight into them, it is only natural that cyberattacks will evolve to take advantage of this relatively unguarded entry and pivot point.

While breaches are annoying, and involve lots of post-attack cleanup, auditing, and financial losses, it is the current wave of ransomware attacks on hospitals that have really shone a spotlight on how much patient safety is at stake without proper IoT security in place. Ransomware attacks have increased 500% since March 2020, even as people around the world struggled with a once-a-century pandemic and all the disruption it wrought. Hospitals were not immune to ransomware’s fallout. In the same Ponemon study cited above, hospitals who were victimized by ransomware attacks reported significant negative impacts on patient care, including:

• Longer patient stays (71%)
• Delayed procedures and tests (70%)
• More complications from medical procedures (36%)
• Increased mortality rates (22%)
  

The news from several weeks ago that a ransomware attack in the US might have led to a patient’s death is not an isolated case. It’s clear that medical and IoT device safety is also a question of patient safety. However, most IoT security is still focused on providing a comprehensive inventory of connected devices, perhaps with some data related to their potential risk. What these solutions lack is a way to fight back against threats; after all, you can’t protect against what you can’t remediate. Our customers didn’t need more data to stop ransomware and other attacks on medical devices – they needed to be able to act.

Extending Attack and Detection and Response to Connected Medical Devices

Cynerio is proud to announce the unveiling of its IoT Attack Detection and Response module for connected healthcare devices. This first-of-its-kind solution empowers hospitals to identify, contain and mitigate threats on IoT and IoMT devices so that the patients connected to them don’t have their health or safety impacted.

Cynerio’s Attack Detection and Response module works from day 1 of implementation, giving hospitals the immediate ability to quarantine any device demonstrating malicious or suspicious behavior. Full remediation on the device can then be performed when it is not in use to accelerate the attack recovery process afterwards.

Key features of Cynerio’s IoT Attack Detection and Response for Healthcare include:

• IoT Attack Alerts – Cynerio alerts hospitals to device behavioral anomalies, complemented by attack detection data from other Cynerio implementations, machine learning and dozens of vulnerability and threat intelligence feeds collected from global sources.
• IoT Attack Containment – Any attack observed on a device protected by Cynerio can be immediately quarantined to give the hospitals a secure way to further remediate the incident without impacting service availability or patient care.  
• IoT Attack Investigation – Collect detailed forensics on all IoT devices along with the connections between them and investigate device metadata using deep packet inspections. This forensic data can then be ingested by your Security Incident and Event Management (SIEM) platform to enrich any attack investigation you are carrying out across your IT infrastructure.
• IoT Attack Response – Let Cynerio form the “brains” of your IoT security and send its data about device risks and attacks to your IT security solutions for enforcement and “muscle.” Stop device exploitation with micro-segmentation that safely limits device communication to the bare minimum so that attacker reconnaissance, lateral movement and ransomware shutdown of devices is blocked. Live help from Cynerio agents is also available for the thorniest attacks.
• IoT Post-Attack Reporting – The Cynerio portal is no black box; we show everything that is being done to mitigate an attack, including reporting on PHI exfiltration, risk exposure over time, and step-by-step instructions broken down by device and attack to ensure full remediation going forward.

Don’t just spot devices, like most IoT security solutions deliver. Cynerio’s IoT Attack Detection and Response for Healthcare module goes above and beyond inventory and asset management to identify and shut down live attacks on your connected device footprint. With hospital ransomware attacks and breaches on the rise, healthcare providers need to take a more aggressive stance against the attackers targeting them, and the Cynerio IoT Attack Detection and Response for Healthcare module provides the tools to keep patients and their devices safe from harm.

For more information on Cynerio, read our datasheet here.