White Paper: 5 Reasons Network Segmentation Is Difficult for Hospitals
Healthcare organizations have become hackers' favorite targets. Over 93% of healthcare organizations have reported a cyber incident, and healthcare stands as the most targeted industry, accounting for 4 out of 5 breaches.
Why? Clinical networks are the easiest safes to crack, and medical records can fetch ten times the black market price of social security and credit card information.
Clinical networks and the devices connected to them can be protected with strict cyber hygiene practices and network segmentation, but achieving this is extremely difficult in clinical environments.
1. Multiple Classes of Devices
In order for healthcare organizations to plan holistic security strategies that work, they have to be aware of all connected medical devices on their networks:
- Operational Technology (OT) devices - critical care systems including power generators, building automation systems, badging, and security cameras
- Internet of Things (IoT) devices - network printers, VoIP phones, mobile devices, tablets, video conferencing devices, smart TVs, and more
- Information Technology (IT) devices - personal computers, laptops, servers, workstations, virtualization hypervisors, and enterprise networking equipment
- Connected Medical or Internet of Medical Things (IoMT) devices - infusion pumps, dialysis machines, heart monitors, MRI and CT scanners, ventilators, and more
2. Traditional IT Tools Fall Short
Standard IT security tools are great for segmenting most devices (OT, IoT, IT), but firewalls and NACs can’t get the job done efficiently when it comes to IoMT devices because:
- They can’t differentiate IoMT devices from others
- They have no understanding of medical device utilization patterns and criticality, and enforcing standard security protocols and procedures risks affecting device functionality and disrupting patient care
- They have no understanding of IoMT device connections and typical behaviors
3. Connected Medical Devices Have Unique Behaviors
Medical devices often need to connect to their vendors for routine updates and patching services. They might also need to connect with other devices on the network to deliver medical services efficiently (think glucometer to insulin delivery pump). If segmentation policies are enforced without considering medical context, device functionality can be interrupted and patient care could be jeopardized.
4. Medical Devices Are Inherently Vulnerable
Most IoMT devices in use today were built with function in mind and not cybersecurity. Because of this, they are extremely vulnerable to many threat vectors, including malware, web application attacks, insider threats, and device misuse.
5. A Lot of Operating Systems & a Lack of Support
A Forescout report showed that there were more than 20 different versions of operating systems on 76% of an organization's medical devices. On top of that, many of those are old and unsupported, like Windows 7.