Zero Trust architecture: Key tips for protecting health data and IoT
Now more than ever it's critical that hospitals and health systems take the necessary precautions to secure their systems and data from cybersecurity threats. For most hospitals and health systems, it's a matter of when, not if, a cyberattack occurs.
While the Zero Trust security model has been around for about a decade, it is still far from widely implemented. In healthcare, some experts say, the Zero Trust approach is possibly the only way to eradicate three imminent and growing threats: ransomware, outdated vendor firmware and unsecured services.
Following a year of increased cyberattacks on hospitals and health systems, such an approach may be critical to better defending healthcare networks, systems and Internet of Things (IoT) devices from an ongoing barrage of sophisticated attacks.
Healthcare IT News interviewed Leon Lerman, CEO and cofounder of Cynerio, a vendor of healthcare IoT cybersecurity and asset management solutions, to talk about the core reasons why hospitals and health systems need to implement Zero Trust architecture, why Zero Trust is difficult to achieve with healthcare IoT, and the four stages of a Zero Trust implementation model in healthcare.
Q. What are the core reasons why hospitals and health systems should implement Zero Trust architecture?
A. It's widely known that the healthcare industry is a primary target for cyberattacks, with increasingly sophisticated and highly motivated bad actors seeking to exploit both human and technological vulnerabilities. Since 2016, ransomware has resulted in $157 million in damages in healthcare, impacting 90% of healthcare organizations.
Furthermore, as a result of the COVID-19 pandemic, we saw a 50% increase in the number of healthcare-related cybersecurity breaches against hospitals and medical devices, putting these organizations – and the patients they serve each and every day – at risk.
Medical and IoT devices are arguably the biggest weak spot for the healthcare industry, as connected medical devices – an integral part of the Internet of Medical Things – are increasingly being used by hospitals. According to Deloitte, approximately 68% of medical devices will be connected or able to connect to a health system network by 2025.
While connected medical devices are critical to patient care, they are also the most vulnerable to cyber threats. For example, 96% of infusion pumps in healthcare facilities were affected by URGENT/11 or Ripple20 critical vulnerabilities over the past year. In addition, our research has found that more than 40% of CT machines are managed unsafely by technicians, potentially exposing credentials and classified patient data in cleartext.
With 50 billion medical devices expected to be connected to clinical systems within the next 10 years, a Zero Trust architecture, which does away with the traditional security perimeter and assumes that every user or device on the network could potentially be malicious, is critical to helping our healthcare organizations better defend their networks, systems and devices from an ongoing barrage of attack techniques. When working with extremely confidential and valuable information, as is the case in a healthcare environment, this approach is quite possibly the only way to eradicate imminent and growing threats.
Q. Why is Zero Trust difficult to achieve in the healthcare Internet of Things? How can healthcare CIOs and CISOs overcome this challenge?
A. There are several unique challenges healthcare organizations face when seeking to apply Zero Trust strategies. The main reasons are:
- Poor visibility. Healthcare facilities often have thousands of medical and IoT devices that are invisible to the network, and that may be unknown to IT and security teams. Further, many devices do not support connectivity over standard network protocols, making it difficult to discover and manage them.
- Proprietary protocols and lack of authentication. Healthcare IoT devices often run obsolete protocols, which may be unauthenticated and unencrypted, and lack basic access controls.
- Default device insecurity. Many devices have inherent vulnerabilities, such as open services with minimal authentication used for remote support, management and monitoring.
- External connections to vendors and cloud services. Most devices today must connect to cloud services or third-party vendors to function properly, or to perform maintenance or updates.
Despite these challenges, however, it is possible to achieve a more protected, Zero Trust environment without disrupting clinical operations or causing damage to critical medical equipment.
Q. You've said there are four stages of a Zero Trust implementation model in healthcare. Please elaborate.
A. That's correct. Our recommended Zero Trust implementation model consists of four stages.
Step one is to design policies that block unnecessary communications with healthcare IoT devices. In simple terms, that means seeking to understand exactly which communications are needed to maintain clinical workflows and medical-device functionality, and which are not. Map out your organization's devices and identify the following for each category of devices:
- What other devices and medical servers does this category of devices communicate with?
- Does it need to communicate over the Internet? Is Internet communication isolated in a VPN tunnel?
- Does it need to communicate with the device vendor?
- Does it currently have access to other devices, networks or the Internet, which is not required for normal operations?
Step two is segmenting the network to contain attackers to a specific segment. Due to the fact that connected healthcare IoT devices have so many security vulnerabilities, it is important to isolate them from other parts of the network to limit the attack surface. The "network segmentation" phase involves steps such as ensuring connected medical devices can only communicate with devices or systems that are part of their clinical process and blocking external communications – unless needed to communicate with a device vendor or another known entity.
The next step is to isolate risks associated with services used on individual devices, also known as service hardening. It's important in step three to evaluate all connected medical and IoT devices as much as possible in order to apply the latest security patches, perform software upgrades, require authentication on all communication channels, close unused ports and reduce unnecessary device functions.
The fourth and final step is to limit external communications (for example, with vendors, clouds, etc.) to prevent breaches. As many of these devices require certain external connections to function properly and are used for time-sensitive, critical patient care, they cannot simply be disconnected from the network or shut down.
Instead, external communications should be limited to the bare minimum required. Therefore, in order to protect your medical and IoT devices:
- Establish monitoring and incident response procedures to identify breaches and infections in real time.
- Keep devices functional at all times.
- Leverage network segmentation to isolate a device and prevent attackers from communicating with other parts of the network.
- Wait for planned device downtime and use this opportunity to patch or clean the device to eradicate the threat.
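The four-stage model described in this answer can be written down as a per-category communication policy (step one), enforced as segmentation (step two) and checked continuously against observed flows (step four). The following Python is an added example, not Cynerio's or the interviewee's code; the device categories, addresses, vendor hosts and flow records are constructed placeholders.

```python
import ipaddress
# Step one: the four questions from the interview become policy fields (constructed values).
POLICY = {
    "infusion_pump": {
        "internal_peers": {"10.20.0.10"},   # medication server in the clinical workflow
        "vendor_hosts": {"203.0.113.5"},    # known vendor support endpoint
        "internet": False,                  # no general Internet requirement
        "internet_requires_vpn": True,
    },
    "ct_scanner": {
        "internal_peers": {"10.20.0.20"},   # PACS server
        "vendor_hosts": {"203.0.113.9"},
        "internet": True,
        "internet_requires_vpn": True,      # Internet only inside a VPN tunnel
    },
}
INVENTORY = {"10.30.1.5": "infusion_pump", "10.30.2.7": "ct_scanner"}  # constructed
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed hospital address space

def evaluate_flow(src, dst, via_vpn=False):
    """Return None if the flow matches the device's category policy, else a reason."""
    category = INVENTORY.get(src)
    if category is None:
        return f"{src}: device not in inventory (visibility gap)"
    rules = POLICY[category]
    if dst in rules["vendor_hosts"]:
        return None  # step four: a known vendor endpoint is an allowed external contact
    if ipaddress.ip_address(dst) in INTERNAL_NET:
        if dst in rules["internal_peers"]:
            return None
        return f"{category} {src} -> {dst}: not part of its clinical process (segmentation)"
    if not rules["internet"]:
        return f"{category} {src} -> {dst}: Internet access not required for operation"
    if rules["internet_requires_vpn"] and not via_vpn:
        return f"{category} {src} -> {dst}: Internet traffic outside the VPN tunnel"
    return None

def audit(flows):
    """Monitoring (step four): run (src, dst, via_vpn) records through the policy."""
    return [r for s, d, v in flows if (r := evaluate_flow(s, d, v))]

SAMPLE_FLOWS = [  # constructed sample records, not captured traffic
    ("10.30.1.5", "10.20.0.10", False),    # pump -> medication server: allowed
    ("10.30.1.5", "10.40.0.99", False),    # pump -> unrelated workstation: flagged
    ("10.30.1.5", "198.51.100.7", False),  # pump -> Internet: flagged
    ("10.30.2.7", "198.51.100.7", True),   # CT -> Internet via VPN: allowed
    ("10.30.2.7", "198.51.100.7", False),  # CT -> Internet outside VPN: flagged
    ("10.30.9.1", "10.20.0.10", False),    # unknown device: flagged
]
```

Each finding names the device category and the rule it broke, so the flagged flow can be handled through segmentation or at the next planned downtime rather than by pulling the device offline.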
Healthcare IT News is a HIMSS Media publication.