Regional Sales Director
Wednesday, June 5, 2019
We have a problem. This problem potentially effects all of us. It is not fun to think about and it’s not going away anytime soon.
Over the last 20 years, millions of Medical IoT devices have been connected to IP networks at Hospitals and Clinics. These connected Medical devices often keep us alive. We trust them to deliver the right amount of medication or to literally keep our heart beating. We trust them to do the job perfectly. Unlike a human, these machines do not make mistakes. The problem is that these live-saving devices are often connected to sprawling hospital networks.
The IP networks at hospitals were designed for availability. As doctors and nurses move devices around or deploy new ones, they need to connect and work - every time. There is no time to call IT and make a change. Everything device is routable, the network flat and available. Security was an afterthought.
While this all happened, hackers quickly figured out that Hospitals are a gold mine. Patient information has high value on the black market; unlike credit cards, you can’t reset your social security number. Hackers found they could breach these networks and find thousands of servers to attack, all full of sensitive information. Accordingly, the healthcare industry has spent a lot of money on protecting servers that contain your medical records.
But what about the Medical devices on these networks? Most medical devices do not contain patient information.
There are hundreds of medical device types and most of them run proprietary operating systems. Some of them run Windows. Some of them run Windows XP! Some of devices have hard coded passwords (like admin/admin). Some devices have backdoors for easy access for trouble shooting. Some devices can’t be patched without FDA approval. Some devices have a VPN connection to the vendors. Some of these devices talk directly to the internet for updates!
The nightmare scenario that keeps me up is this: malware breaks out inside of a Hospital network that is attacking these medical devices. This could happen very fast and the result could be a devastating loss of life. When breached, Hospitals around the world are forced to unplug everything that’s connected to IP networks. They are forced to return to pen and paper and the entire healthcare industry is forced back into the dark ages, costs millions of dollars and reduces patient care.
How do we make sure this never happens?
Hospitals could hire a small army of network engineers and install firewalls and NextGen security technologies for every medical device. This would cost over 10 million per hospital and would likely bankrupt the healthcare industry in the process. The hospitals that could do it, would be forced to keep that small army of network engineers on staff 24/7 to deal with all of the changes to this new, locked down and inflexible network. Let’s be real; this will never happen.
The other option is to install a purpose-built network switch directly in front of the medical device. This switch would make the medical device invisible to hackers. It would insure no un-authorized machine could every communicate with the medical device that’s delivering medication. The switch does not require FDA approval. This switch is shipping now and has 20 years of development behind it.
It’s called a HIPswitch. Over the last 18 months hospitals are accelerating their deployment of HIPswitches in front of medical devices. The deployment only takes a few minutes and it requires almost no changes to the hospital network. HIPswitches work with both state-of-the-art medical IoT devices and formerly un-patchable legacy equipment.
I am passionate about communicating this solution to every hospital and healthcare organization in the world. This is not just a Security issue, it’s a human safety issue.
Our solution is already securing and connecting hospitals in the US. For a deeper dive you can read our use-case here.