Greg Ness profile picture

Greg Ness

Chief Marketing Officer

Thursday, May 23, 2019

The advantages of digitalization are well documented and understood, especially in health care. Patients, for example, benefit when their doctors can access their critical data by simply plugging a device into a wall jack. That wall jack often connects to every other connected device in the hospital.

No one has to file a report or make a call to get timely access to data or even administer critical care devices from across a hospital. If the hospital is part of an MPLS network then the scale of access and convenience is taken to an even greater level.

Digitalization allows health care workers to focus more time and resources on administering medicine. Patients benefit because those caring for them are more productive, more knowledgeable and faster to respond:

The health care industry increasingly relies on technology that’s connected to the internet: from patient records and lab results to radiology equipment and hospital elevators. That’s good for patient care, because it facilitates data integration, patient engagement, and clinical support.

– Nicole Wetsman, HEALTH CARE’S HUGE CYBERSECURITY PROBLEM, April 2019

Digitalization also exposes more critical care processes and controls to the internet and that’s a big problem. Two years ago this week WannaCry took down hundreds of thousands of systems globally in a matter of hours, including about a third of England’s hospital trusts and 8% of the nation’s general practitioner offices.

In June we’ll note the anniversary of NotPetya, one of the most devastating cyber attacks of all time. Like WannaCry, it had devastating impacts, including hospitals and clinics. And WannaCry is still out in the wild, continuing to infect computers:

In its global list of countries where WannaCry variants have been detected over the past two years, India is at the top with 727,883 WannaCry infections, followed by Indonesia (561,381), the US (430,643), Russia (356,146) and Malaysia (335,814).

- Dev Kundaliya, WannaCry remains a serious IT security threat worldwide, researchers warn, May 2019

While tens of thousands of appointments, including surgeries, were cancelled or scheduled, no one has yet to die because of a cyber attack. Hospitals are starting to realize that there are 1000’s of devices connected to Hospitals that if breached, could hurt or worse kill someone. These include devices that deliver medication, drugs, chemotherapy and radiation.

Medical IoT devices such such as X are often unsecured

There are, for example, vulnerabilities on scores of vulnerable medical devices (see Melanie Evans and Peter Loftus Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security):

The Department of Homeland Security last year issued 30 advisories about cybersecurity vulnerabilities in medical devices, up from 16 the year before, according to MedCrypt, which makes security software for medical devices.

And the situation is getting worse:

Reports show that ransomware and other cyberattacks are on the rise — and health care is one of the biggest targets. Just this week, researchers in Israel announced that they’d created a computer virus capable of adding tumors into CT and MRI scans — malware designed to fool doctors into misdiagnosing high-profile patients, Kim Zetter reports for The Washington Post.

Hospitals are attractive targets because they have a shared infrastructure. Like an airport, they also have lots of 3rd party vendors working on the same L2 network through hundreds of VPNs, some connected directly to critical care equipment. Giftshops, vending machines, bio-medical services, laboratories can also share that same common network.

Hospitals often have no idea what’s on their network at a particular moment. They’re often using networks built over the last 20 years and no one made a map. Very few have done any inventory of connected devices. And those devices can be plugged and unplugged from the network in seconds. Many of them are running outdated and unpatched. operating systems.

Around 10% of the devices on hospital networks run outdated operating systems (XP, Windows 2003 as examples). Hospitals are also starting to realize that there are 1000’s of connected devices that if breached, could hurt someone. These include devices that deliver medication, drugs, chemotherapy and radiation.

That’s where Tempered Networks IDN solution can help. Tempered’s HIP switches can drop into these flat L2 networks and deliver instant segmentation without having to make changes to the network. They can install in minutes. Patients gets the health benefit of digitalization without much of the health risk inherent with flat L2 networks.

You can read more about how we secured and connected one healthcare facility here.