Keeping Healthcare Networks Up and Running, While Shutting Down Attacks

Stephan Goldberg

Jun 1, 2020


How do you open operations up and keep things going, while shutting down access to attackers? This is not a new cybersecurity dilemma – it’s the tightrope that network and IT security professionals have been walking for decades. However, due to recent events, it has never been so difficult, or important, to get right.

During this pandemic, we’ve seen the attack surface of healthcare organizations grow exponentially, as many organizations made the move to a remote operations model. To accomplish this, hospitals suddenly found themselves implementing new hardware, software, and procedures on a scale and at a pace that, to date, has had no equal.

That’s why, with the initial surge behind us, we felt it was an opportune time to take a step back and look at what works, what doesn’t, what needs to change, and what can be expanded upon. The goal is to figure out how to bolster the security stance of the healthcare networks, so they are prepared to meet the many different needs of the new normal, today and tomorrow.

You can check out the on-demand webcast, “The Cybersecurity Remedy: How Healthcare Professionals can Reduce Risk,” to hear Rapid7’s Senior Manager of Sales Engineering, Joe Agnew, Principal Advisory Services Consultant, Mike Cole, Senior Manager of VM Offerings, Justin Buchanan, and Medigate’s VP of Systems Engineering, Stephan Goldberg, discuss how healthcare professionals can prepare for the still-uncertain future.

During this webcast, you will get a ton of good insights into how the cybersecurity dynamics have changed within healthcare networks, and tips on how best to mitigate the risks to ongoing operations and patient care. But what you may miss, if you turn off the webcast at the end of the ‘formal’ presentation (which, let’s face it, many of us do), is the interesting discussion that occurred during the Q&A. So, I tried to capture the gist of a few of the questions and answers and provide them here to ensure you don’t miss some key takeaways:

Q: Since COVID-19, what are some of the cybersecurity trends in healthcare you have been hearing about?

There was the initial realization that many healthcare organizations didn’t really know what was on their network. There were the practical questions they were struggling to answer, like “How many ventilators do I have?” “Where are they located?” “Are they up-to-date?” “Are they currently in use?” And then there were the security questions they couldn’t easily respond to, like “What IoT is active in my network?” “Should that MRI machine be connecting to that server?” “Is that IV pump behaving as it should?” “Is that device involved in the delivery of patient care?”

Without answers to these types of questions, it is very difficult to make really good device management and security decisions that truly mitigate risks. You can’t protect what you don’t know about – you can’t effectively manage what you can’t see, so hospitals are starting to prioritize real-time visibility and implement technologies that can help them understand, at a granular level, the makeup of their clinical networks.

Another trend was the growing use of telemedicine. It has been very positive from a healthcare perspective, but very challenging from a cybersecurity perspective. Now, organizations have to worry a lot more about where sensitive patient data is located and how it is being used – where is it being stored, what devices are touching and transmitting it, what type of control and security do you have over those devices. The stakes are much higher in healthcare than other industries, so it’s a problem that can’t linger.

Q: We’ve all seen the news headlines about hackers leveraging these events to ramp up their efforts to cause harm to healthcare providers, so what advice are you giving clients (especially those in the healthcare industry) to stay safe and secure?

I think the advice we give starts with the simple premise – expect you will be breached. When you have this mindset, what you need to do becomes clear. You need to:

  • Invest in your ability to detect these breaches as soon as they occur and respond to minimize any damage.
  • Understand the role that each device plays in your clinical network, so you can act accordingly. Healthcare is unique in that a disruption can literally impact someone’s life, so visibility and context are key. If you know that a device is involved in patient care, then you know what you can and cannot do with it. You also know what it should and shouldn’t be doing. This allows you to pinpoint threats and precisely remediate them without affecting the ongoing operations of the device itself.
  • Go back to basics. It may be boring, but it is worth it. Spend some time educating your staff on what they should and shouldn’t be doing and how they can help protect the organization from threats. Cyberattackers continue to go after low-hanging fruit, so if you take some of those things away (stop people from using simple passwords or clicking on unknown links, etc.) you won’t preclude all attacks from happening, but you can help lower the rates of infection.

Q: Building off of that, do you think any of the practices folks have been putting into place during this pandemic will actually stay long after the pandemic is over?

Connecting “anything” to the network, even if it’s just temporary, is never a good idea. I think practitioners are going to have to ensure that extensions of the hospital – like pop-up clinics in the parking lot – are included in the overall security strategy. They should be protected with the same rigor and security measures that are used throughout the network, to ensure they aren’t the weak link that gives attackers an opening to establish a foothold in the environment. At a minimum, these temporary extensions should be limited in what they can access and segmented off from the rest of the network to prevent attack propagation and minimize incident impacts. Again, visibility will be foundational – you don’t want to be caught unaware, even for a moment.
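To make the device-role advice above and the segmentation point about temporary extensions concrete, here is an added Python illustration (not code from the webcast, Medigate or Rapid7) that applies a constructed clinical inventory to constructed flow-log lines: each device has expected peers, temporary extensions are confined to their own network ranges, and a device actively delivering care is alerted on rather than cut off. All addresses, roles and verdict strings are made up for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed clinical device inventory: role, network segment, whether the device is
# currently delivering patient care, and the peers it is expected to talk to.
INVENTORY = {
    "10.20.1.15": {"role": "MRI scanner", "segment": "imaging", "in_patient_care": True,
                   "allowed_peers": {"10.20.5.10"}},          # constructed PACS server
    "10.20.2.40": {"role": "IV pump", "segment": "clinical", "in_patient_care": False,
                   "allowed_peers": {"10.20.5.20"}},          # constructed pump gateway
    "10.30.9.7":  {"role": "pop-up clinic laptop", "segment": "temporary",
                   "in_patient_care": False, "allowed_peers": set()},
}
# The only networks a temporary extension (e.g. a parking-lot clinic) may reach (constructed).
TEMP_ALLOWED_NETS = [ip_network("10.30.0.0/16"), ip_network("10.40.1.0/24")]

def classify_flow(src, dst):
    """Judge one observed flow and return (verdict, recommended action)."""
    dev = INVENTORY.get(src)
    if dev is None:
        return "unknown-device", "add to inventory before deciding"
    if dev["segment"] == "temporary":
        # Segmentation rule: temporary extensions never reach the clinical segments.
        if any(ip_address(dst) in net for net in TEMP_ALLOWED_NETS):
            return "ok", "none"
        return "segmentation-violation", "block at segment boundary"
    if dst in dev["allowed_peers"]:
        return "ok", "none"
    # Unexpected peer: a device actively delivering care is alerted on, not disconnected.
    if dev["in_patient_care"]:
        return "unexpected-peer", "alert clinical engineering; do not disrupt device"
    return "unexpected-peer", "quarantine device"

def review_log(lines):
    """Parse constructed 'src=A dst=B' lines; returns (src, dst, verdict, action) per line."""
    results = []
    for line in lines:
        fields = dict(part.split("=", 1) for part in line.split())
        src, dst = fields["src"], fields["dst"]
        results.append((src, dst, *classify_flow(src, dst)))
    return results

# Constructed sample flow log covering each verdict the check can produce.
SAMPLE_LOG = [
    "src=10.20.1.15 dst=10.20.5.10",     # MRI to its PACS server: expected
    "src=10.20.1.15 dst=203.0.113.8",    # MRI to an outside host while in use: alert only
    "src=10.20.2.40 dst=203.0.113.8",    # idle IV pump to an outside host: quarantine
    "src=10.30.9.7 dst=10.20.1.15",      # pop-up clinic laptop reaching the MRI: block
    "src=192.168.77.3 dst=10.20.5.10",   # device not in inventory: visibility gap
]
```

Running `review_log(SAMPLE_LOG)` shows that the same unexpected connection gets a different response depending on whether the device is currently involved in patient care, which is the context the webcast argues visibility must provide.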

I think it is fair to say that remote work is here to stay, so all the newly installed remote security capabilities, like VPNs, cloud application security, network access controls, etc., will become increasingly important for the long run. People will return to work, especially in healthcare, but it probably won’t look the same or be to the same extent as before. Please be sure to watch or share the on-demand webcast.

Medigate and Rapid7 webinar

Request a demo to talk to one of our cybersecurity experts on what you should be doing to better manage and protect your environment.