Post by Stephan Goldberg, VP of System Engineering, Medigate, and Ramik Chopra, Global Industry Lead for Healthcare, Splunk
The healthcare industry is increasingly relying on real-time decisioning, using data from a wide range of sources, such as electronic medical record (eMR) systems, medical devices, mobile and remote services, etc., to improve patient care and outcomes. We sat down to talk about what this move means for the industry and show how the health systems can get the insights and control they need to keep patient data and care safe. Key takeaways from that discussion follow, but if you are interested in seeing a detailed demo of the Medigate and Splunk solutions, you can access the on-demand webinar here.
It’s All About Data
It takes a lot of data about all the devices within the healthcare delivery organization (HDO) to make real-time decisioning work. These devices make up the modern, hyper-connected HDO, as health information systems interact with the critical care-delivery infrastructure over the same converged network. This results in private and sensitive data (PHI) being stored and transmitted by various unmanaged endpoints, including tens of thousands of medical, IoMT, and IoT devices on the hospital’s network. In light of this, it is extremely important for health systems to protect all the devices within their operations to ensure that patient data and, ultimately, care remain safe and reliable.
Unfortunately, that’s easier said than done. In 2019, cyberattacks on health systems jumped 60%; this year, healthcare delivery organizations continue to be a target. Most of these attacks exploit human weaknesses in some form or another: they try to trick users (e.g., click on a link, open an attachment, go to a site, etc.) or leverage bad practices (e.g., use easy-to-guess passwords, delay patching vulnerabilities, etc.) to gain entry. HealthITSecurity reported that an assessment of successful ransomware attacks at 50 hospitals found that:
Requirements to Protect Data and Devices
To make sure health systems can protect their data and devices, they need to:
- Understand their environment, with detailed visibility into everything, managed and unmanaged, connecting to the network, so there are no blind spots and no devices unaccounted for within the health system’s security and management strategies.
- Manage risks posed by all the different devices in use in the network. This takes accurate assessments that can identify the devices that are most vulnerable and open to exploit, so health systems can focus resources and prioritize efforts, from patching to network-based protections, to effectively manage and mitigate the risks in their network.
- Detect and respond to attacks in the network. This takes monitoring and analyzing how devices are connecting, plus a contextual understanding of what to expect from different devices, so that anomalous behavior, out-of-flow communications, and unusual data or application usage can be detected and stopped before they can do any damage.
- Auto-mitigate risks through network-centric prevention that reduces the risks of the devices connecting to the network. By connecting the data and clinically-vetted recommendations to the enforcement points in the network (such as a firewall or NAC), health systems can auto-mitigate alerts to prevent ePHI data exfiltration and stop device performance manipulation.
How Medigate and Splunk Deliver
Medigate and Splunk have partnered to deliver a comprehensive clinical SOC solution that gives health systems the real-time data needed to detect, manage, and respond to cybersecurity events to keep their patient data and care safe. The information captured and analyzed by Medigate on the connected medical and IoT devices active in the environment, network communications, and risks detected are fed into Splunk’s Enterprise Security (ES) platform to enable sophisticated investigations and facilitate effective playbook development, incident response, and remediation activities.
This healthcare-dedicated solution provides clinical context and relevance, so health systems know exactly what findings mean and can take action to improve the security of their operations. It starts with the ability to accurately detect and thoroughly investigate suspicious medical device communications, based on a precise understanding of manufacturer-intended behaviors and clinical workflows. These anomalies are correlated with intel from other IT sources to trace the potential attack vector end to end. Finally, by creating a clinically-based playbook on Splunk Phantom, Medigate and Splunk make it easy for healthcare organizations to automatically pinpoint a device’s location, analyze its current utilization, and alert clinical engineering personnel to quickly remediate any threats.
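The detection step described above, as an added illustration that is not Medigate's or Splunk's own code: each device type carries a profile of its manufacturer-intended communications, observed flows are checked against it, and any out-of-flow communication becomes an alert that already carries the device's location and whether it is in clinical use, so the response can be routed to clinical engineering or to an enforcement point. The profiles, inventory, hostnames, and flow records are all constructed for the example.

```python
# Added example: out-of-flow detection for medical devices with clinical context.
# Profiles, inventory and flows below are constructed, not real hospital data.
from dataclasses import dataclass

# Constructed behaviour profiles: (destination, port) pairs each device type is
# expected to use. In practice these come from manufacturer documentation and
# observed clinical workflows, not from a hand-written table.
DEVICE_PROFILES = {
    "infusion_pump": {("pump-server.hospital.local", 443), ("ntp.hospital.local", 123)},
    "ct_scanner": {("pacs.hospital.local", 104), ("ris.hospital.local", 443)},
}

# Constructed inventory: device id -> type and physical location.
INVENTORY = {
    "pump-0042": {"type": "infusion_pump", "location": "ICU bed 7"},
    "ct-01": {"type": "ct_scanner", "location": "Radiology room 2"},
}

@dataclass
class Alert:
    device_id: str
    device_type: str
    location: str
    dest: str
    port: int
    action: str  # who should handle it: clinical review vs. network enforcement

def classify_flow(device_id, dest, port, in_use):
    """Return an Alert if the flow is outside the device's intended behaviour, else None."""
    dev = INVENTORY.get(device_id)
    if dev is None:
        # Unknown endpoint on the network: the visibility gap the post warns about.
        return Alert(device_id, "unknown", "unknown", dest, port, "investigate-unknown-device")
    if (dest, port) in DEVICE_PROFILES[dev["type"]]:
        return None
    # Out-of-flow communication. A device mid-treatment must not simply be cut off,
    # so route it to clinical engineering; an idle device can go to the firewall/NAC.
    action = "clinical-review" if in_use else "auto-mitigate"
    return Alert(device_id, dev["type"], dev["location"], dest, port, action)

def analyze(flows):
    """flows: iterable of (device_id, dest, port, in_use); returns the alerts raised."""
    return [a for a in (classify_flow(*f) for f in flows) if a is not None]

# Constructed sample flows (documentation-range addresses, not real traffic).
SAMPLE_FLOWS = [
    ("pump-0042", "pump-server.hospital.local", 443, True),  # expected
    ("pump-0042", "203.0.113.9", 445, True),                 # SMB to an outside host
    ("ct-01", "pacs.hospital.local", 104, False),            # expected DICOM transfer
    ("ct-01", "198.51.100.20", 22, False),                   # outbound SSH, not in profile
    ("unknown-aa:bb:cc", "ntp.hospital.local", 123, False),  # not in inventory
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS):
        print(alert)
```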
To see a full demo of this powerful integration, watch the full webinar.