10 Best Practices for IoMT Security to See in 2022


10 Best Practices for IoMT Security to See in 2022
Sharon Schusheim, CIO and Vice President of Technical Services at Check Point Software Technologies

As the coronavirus pandemic has swept the world, hospitals and healthcare systems have tried to keep up with the needs of the community through IoMT (Internet of Medical Things) devices. Federal agencies have even authorized the emergency use of certain types of IoMT devices to control and reduce coronavirus disease. exhibition.

The benefits of the IoMT are attractive enough for the IoMT market to be ready to achieve a valuation of $ 158 billion by 2022. By 2023, forecasters predict that 68% of the world’s hospitals will depend on IoMT technologies in their day-to-day activities.

However, many IoMT devices are not cybersecure, which can jeopardize patient care. While IoMT devices offer healthcare providers new means to provide care, healthcare management groups need to address the major security challenges facing IoMT.

Here are 10 best ways to protect your organization’s IoMT devices.

1. Achieving visibility. Today, many IoMT devices in healthcare or hospital networks operate as shadow IT; invisible to network administrators or security professionals. Before launching new efforts designed to protect the IoMT, healthcare organizations need to identify existing IoMT devices in their networks.

Visibility provides organizations with the opportunity to monitor both medical technology units and the movement of data traffic, subsequently preventing side intrusions and attempted cybercriminal attacks. In addition, visibility can lead to long-term cost savings as it allows administrators to see what’s already in the systems and avoid unnecessary additional purchases.

2. Inventory tracking. Once the devices are visible, organizations should make an inventory, helping to determine what types of endpoints need cybersecurity protection and what kind of protection the organization should follow.

Creating a real-time digitized device inventory can also allow healthcare groups to instantly know the location of a device, which can save a patient’s life in a critical situation. High-quality real-time inventory tracking tools keep staff members from wasting time searching for devices across rooms.

3. Vulnerability audit. In February 2020, more than 30% of health leaders admitted to never having audited the medical IoT. Vulnerability auditing allows organizations to prevent security loopholes by installing patches when needed.

Where appropriate, depending on the nature of the computer, healthcare providers may want to patch devices with a security overlay based on network IPS, allowing the “virtual patch” of vulnerable computers. Alternatively, organizations may want to set aside or have underused devices that pose risks to cybersecurity.

4. Security segmentation. The vast majority of device-to-device communications are superfluous. Security through segmentation is good practice. By creating a separation between patient data and the rest of the computer network, cybersecurity experts can better understand network traffic and improve anomaly detection. As a result, IT staff can provide a better view of unusual traffic patterns or movements that may indicate the presence of an intruder or cyber infection.

5. Develop an IoMT security overlay. Organizations should be careful when selecting security policies and enforcement mechanisms for the IoMT. Consider adding a zero-trust security overlay to your network, which will allow you to improve the management of IoMT network access controls and lead to a reduction in cyber risk.

6. BYOD policies and application. While Bring Your Own Device policies are highly valued by both employers and employees, they can present persistent security issues due to the fact that these devices operate largely “out of reach” of IT administrators. In healthcare settings, BYOD devices may contain and be used to share sensitive patient-related information.

Although more research is needed to determine the precise effects of BYOD on patients’ health care outcomes, researchers recommend that the hospital and healthcare facilities follow the described BYOD policies. here.

7. Meet your salespeople. Select industry-recognized and well-regarded providers who care as much about your providers and patients as you do. Make sure your provider can help you manage every element of your complex IoMT ecosystem, including third-party or fourth-party risk.

8. Single purchase. Selecting a security provider that can cover all the security needs of your hospital or healthcare system makes managing cybersecurity easier and more efficient than working with multiple providers. In addition, a multimodal product means that you can avoid the headache of integrating a large number of hardware and software components. Integrated solutions can simplify security management everywhere.

9. Multilayer security. While our discussion has focused on technical security implementation options so far, don’t forget about physical security. Any device that is not in active use should receive adequate storage within designated areas, rather than occupying the corners of empty aisles. Healthcare organizations may want to connect physical security devices to network operations.

Physical and digital security strategies can be complemented. For example, organizations may want to restrict access to ports, preventing cybercriminals from silently connecting and adding malicious devices.

10. Cyber ​​security awareness training. Presenting non-medical education to well-trained health professionals can be a challenge. Healthcare professionals often perceive that they have all the necessary education for the job and want to focus on patient care. Information technology professionals who want to provide cybersecurity training to healthcare providers need to think about how they can align with staff.

IT professionals should emphasize how cybersecurity awareness leads to better patient care. Cybersecurity messages can be better transmitted by an authorized professional colleague, rather than an IT staff member.

A number of IoMT devices have played a key role in advancing the quality of health and healthcare in the wake of the coronavirus pandemic. IoMT can offer an invaluable set of benefits, making life and livelihoods easier and more comfortable.

While ensuring IoMT remains an ongoing challenge for information technology teams, cybersecurity strategies are fundamental and sound. solutions can enable your organization to stop threats.

As with any other type of security deployment, the perfection of IoMT security is a journey. As nefarious people evolve their malicious techniques, technologies and best practices also change and transform. To ensure that your organization maintains IoMT devices, make sure you are up to date on emerging threats, patches, technologies, training, and IoM analysis. Be the healthcare group that patients trust.

About Sharon Schusheim

Mr. Sharon Schusheim acts as Check Point software technologies CIO and VP Technical Services. He joined Check Point in 2006. During his time here he has also served as Vice President of Sales Operations and Vice President of Technical Services. Before joining Check Point, Mr. Schusheim served as corporate vice president of Paradigm Geophysical, the largest independent developer of software-enabled solutions for the global oil and gas exploration and production industry. Prior to that he worked at Scitex Corporation. Sharon has a BsC, Industrial Engineering, from Technion-Israel Institute of Technology.

Source link