Healthcare
Read our free whitepaper
IOT in the Medical Sector
Emerging Challenges, Threats and Defences
By Paige Pesigan
Download nowThe modern healthcare sector is packed with operational technology; from the vital medical devices keeping patients alive to the production lines of pharmaceutical companies, plus all the facilities like air conditioning, power management, CCTV and access control present in all of the buildings across the sector which underpin their key services. Healthcare also arguably is the sector with the narrowest margin between business-as-usual and loss of life as a result of a cyber attack. Whilst due to high-profile cyber attacks like Wannacry in 2017, IT cyber security has often been prioritised in healthcare environments, OT systems are often still overlooked but present a significant operational cyber risk to the likes of hospitals, pharmacies, doctor’s surgeries, and pharmaceutical and medical device manufacturers.
Why IS THE HEALTHCARE SECTOR vulnerable to cyber attacks?
Due to the 24/7 nature of many healthcare organisations, it can be incredibly challenging to keep any technology up-to-date to minimise vulnerabilities and mitigate against the latest cyber attacks. The proliferation of automated medical devices which are inherently insecure has significantly increased over the past few years.
Many healthcare organisations require relatively simple and timely access to sensitive patient medical data as part of their operations - often leading to a culture where availability is paramount over confidentiality. Due to the potential value in this data, this presents both an easy opportunity and sizable pay-off for would-be attackers.
The reasons for cyber attacks on healthcare organisations are many, but include:
State-based attacks
Corporate espionage
Disgruntled employees
Accidental/Unknowing actors
or a combination of any/all of the above
Ask yourself
How are you managing cyber security risk?
How are you protecting against cyber attacks?
How are you detecting cyber security events?
How are you minimising the impact of those incidents?
Cyber Security Regulation - Your responsibilities
There are regulations in place in many countries which attempt to ensure that Critical National Infrastructure providers (healthcare included) are striving towards the highest levels of cyber security on both their IT and their OT systems. In the United Kingdom and throughout Europe we have the Network & Information Systems Directive on Security (“NIS Directive”) which was written into law across the European Union in 2018. In the United States of America, there are similar regulations in place which follow the NIST CSF.
We can help you
We have years of experience in cyber security, digital forensics, incident response and software engineering. We also understand the unique challenges and requirements of Operational Technologies (OT). We develop software solutions from the ground up with these OT-specific challenges and requirements in mind, and we know that we cannot simply re-purpose (or rebrand) existing IT tools.
Perhaps you would like to make the whole NIS Directive auditing process a lot simpler, and a bit more collaborative - avoiding complex excel spreadsheets with dodgy versioning. Profile is built with the NCSC Cyber Assessment Framework (CAF) at its core, with more standards and regulations being supported. If this sounds of interest, then Profile is definitely for you.
Maybe you are looking for a more in-depth understanding of the OT assets and their vulnerabilities, but in a way that is automated but still safety and security critical. Dot currently has support for Modbus, Siemens S7, DNP-3, Ethernet-IP and more. If this sounds of interest, then Dot is for you.
Or perhaps you are looking for something a bit more bespoke, or require some consultancy. If we can help, we will. If we can’t help, then we will work with our partners to deliver the services and systems that you require.
Contact us today to get a quote, or to just chat about possibilities - with a guarantee of no hard-sell.
hello@awencollective.com