
How Hospitals Are Dealing with the Cybersecurity Challenge of COVID-19

Pedro Abreu, Chief Product and Strategy Officer | May 15, 2020

Again and again, we’ve seen that the true heroes in this COVID-19 crisis are the healthcare workers and organizations on the front lines. But who is ensuring that critical clinical work isn’t disrupted by a cyberattack?

I sat down with Jonathan Langer, CEO of Medigate, to discuss how healthcare organizations are protecting their digital assets and services during this time. Medigate has a unique view into the protection of healthcare networks, as it delivers unparalleled medical device visibility, anomaly detection and protection in addition to lifecycle management capabilities. Medigate’s deep industry-focused insight pairs with Forescout’s broader enterprise device visibility for a holistic healthcare security strategy.

Take a look at some of the unique use cases Medigate is seeing when it comes to medical device visibility, as well as how healthcare organizations are leveraging this technology as part of their broader cybersecurity strategies:

What do you see as the biggest cybersecurity challenges or threats facing healthcare organizations right now?

Healthcare organizations are under immense pressure right now. Not only are they seeing a huge influx of patients from COVID-19, but they are having to adopt new methods of treating patients to meet the demand. Many hospitals, for instance, are adding dozens or even hundreds of new devices to their networks to help increase their volume of patient care. On top of that, many are also opening field hospitals and testing sites on top of their existing environments. New network infrastructure is being installed at remote sites, such as wireless access points, as well as additional telemedicine capabilities such as more iPads and loaner infusion pumps.

Before COVID-19 hit California, the all-time daily high for Stanford Children’s Health was 35 televisits. Recently, their clinicians conducted 500 in one day. The Cleveland Clinic logged more than 60,000 telemedicine visits in March alone, an increase of more than 1,700% over its average. From a network perspective, that means hospitals are seeing even more connected devices come online as clinicians conduct visits remotely. Tablets on a small portable stand with wheels are also being installed in coronavirus patients’ rooms. This allows patients to communicate with staff while preserving the supply of PPE.

Not only are hospitals seeing their attack surface shift dramatically, they are also facing an increase in targeted attacks. Interpol, for instance, issued a warning earlier this month that healthcare organizations are being targeted by ransomware attacks. While ransomware attacks aren’t a new trend for this industry, the combination of increased critical care needs with the disruption of operations from cyberattacks could put more lives at risk than ever before.

How do you see security leaders adapting to meet these challenges?

It can be tough to maintain security with so many devices connecting to the network at such a rapid pace. It’s important for CISOs to adapt their strategies to account for this growing attack surface with capabilities like continuous device visibility and control along with dynamic asset management, network access control, and network segmentation.

Just as it’s being recommended that strong personal hygiene practices will help prevent the infection and spread of COVID-19, strong clinical cyber hygiene practices will help prevent the infection and spread of viruses and attacks on clinical networks. Simple basics like making sure strong password best practices are being utilized and email links are from trusted sources will go a long way. Security leaders should also make sure the operating systems and software on medical devices are up to date, as well as review how network security is managed (i.e. firewalls, mobile devices, etc.). They should also consider deploying a segmentation strategy for added protection.

What do hospitals have to do to ensure they are implementing these controls without disrupting sensitive clinical operations?

The key is to start with deep clinical context, then use that insight to develop passive, policy-driven controls or actions. That is one of the reasons the partnership between Medigate and Forescout is so powerful. Medigate’s deep medical device intelligence calls out important metrics, such as the criticality of the device to patient care or devices that are actively in use. Forescout then helps ensure that no critical communication paths are jeopardized and implements strict network segmentation rules to ensure device security. Automated actions can also be taken to safely contain threats in the event malware does infect a device.

How many types of devices does the typical healthcare organization have and have you seen that increase in the past few months?

We typically see approximately 20,000 devices for a mid-sized hospital, including about 10-15 devices per bed (5-10 of which are medical devices). Every day, there are more and more “things” connecting to the network in hospital environments. This brings many benefits, such as increased ability to monitor the patient, but also new cybersecurity risks. It’s important for an organization to have granular visibility into their medical device landscape, as well as the other IoT devices that may be in their environment, to create a holistic, real-time device security strategy.

What are the challenges presented by so many new devices entering a hospital or other healthcare organization at this sensitive time?

Any influx of new devices into an organization can present security risks, including potential device vulnerabilities and compliance concerns. Organizations should first consider onboarding them in a way that they are identifiable and secured on the network. Visibility is foundational to effective IoT cybersecurity; you can’t manage what you can’t see.

Being able to discover a device is just the first step in securing it. Asset discovery without detailed asset profiling is meaningless. For example, you can’t address an OS vulnerability if you don’t know the hosted version of the OS. Visibility is really about data quality, and varying levels of data quality distinguish all of the market’s solution providers. Not just what they capture, but how they do it.

That becomes the foundation of what you can actually do with it. Integration is what will bring these solutions to life and they are governed by data quality. And for security data to be properly operationalized, it must be relevant to cross functional, complementary workflows that are not limited to IT, but span IT, Security, HTM, procurement and finance.

When it comes to real-time device visibility, how are hospitals using the technology at this time?

It’s a really interesting question. In addition to the standard security capabilities, we are seeing hospitals use our device analytics and insights to deliver ROI around planning, procurement, location tracking and device/patient flow management.

We have a hospital that was planning to make a significant purchase of IV pumps to prepare for COVID-19. Although the clinical engineering lead believed they had enough inventory, he couldn’t prove it based on their current tracking. Once they deployed Medigate, he had insight into the entire inventory and proved they had more IV pumps than they had known, and they were able to cancel the order process and save more than $1 million.

More than 40% of a nurse’s time is spent on low-level tasks, such as looking for equipment. We have customers using the platform to locate devices, with nurses no longer needing to go “on the hunt,” resulting in an increase in their productivity and job satisfaction.

They also use the location and utilization data to help manage patient flow. By understanding where devices are and if they’re in use or not in use, hospitals can either direct patient flow to the available equipment or available equipment to the patient. It takes the guesswork out of getting patients on the quickest path to treatment.

How do you see this crisis changing security strategies and priorities over the long term?

At least when it comes to technology, this crisis is showing why asset management is more important than ever as healthcare organizations struggle to purchase or find the devices, like ventilators, that they need to treat patients. I predict that more and more organizations will look to be proactive when it comes to this technology, as well as more broadly around device visibility and control.

I think this crisis has also shown the need for technologies like automation, which can keep pace, scale, and adapt to a fast pace of need without the need for significant human intervention. It also has shown the need for increased telemedicine technologies, as well as the need to secure and track wearable patient devices that can help doctors diagnose illnesses without the need to come into the office. Finally, there is a clear need for shared records and devices, even across hospital or corporate lines in the time of a crisis. All of these technologies allow a healthcare organization to focus more of its resources on what matters most: protecting the patient’s well-being.

To learn more:

Join us for our webinar on May 20th at 8:30am PST where we will discuss how to foster a Healthy Hospital infrastructure that equips organizations to easily scale demands for device connectivity while simultaneously maintaining a high level of cybersecurity protection and network performance. Register here.
